From 8d212bc11062620ed4d66fd9a41f098fe6fd9d04 Mon Sep 17 00:00:00 2001 From: Andras Bacsai <5845193+andrasbacsai@users.noreply.github.com> Date: Sun, 28 Dec 2025 14:50:59 +0100 Subject: [PATCH] fix(team): improve team retrieval and session handling for users --- app/Http/Controllers/Api/TeamController.php | 10 ++++++++-- app/Http/Middleware/DecideWhatToDoWithUser.php | 3 +++ app/Livewire/Team/Member.php | 6 +++--- app/Models/User.php | 8 ++++++++ 4 files changed, 22 insertions(+), 5 deletions(-) diff --git a/app/Http/Controllers/Api/TeamController.php b/app/Http/Controllers/Api/TeamController.php index e12d83542..fd0282d96 100644 --- a/app/Http/Controllers/Api/TeamController.php +++ b/app/Http/Controllers/Api/TeamController.php @@ -218,7 +218,10 @@ public function current_team(Request $request) if (is_null($teamId)) { return invalidTokenResponse(); } - $team = auth()->user()->currentTeam(); + $team = auth()->user()->teams->where('id', $teamId)->first(); + if (is_null($team)) { + return response()->json(['message' => 'Team not found.'], 404); + } return response()->json( $this->removeSensitiveData($team), @@ -263,7 +266,10 @@ public function current_team_members(Request $request) if (is_null($teamId)) { return invalidTokenResponse(); } - $team = auth()->user()->currentTeam(); + $team = auth()->user()->teams->where('id', $teamId)->first(); + if (is_null($team)) { + return response()->json(['message' => 'Team not found.'], 404); + } $team->members->makeHidden([ 'pivot', 'email_change_code', diff --git a/app/Http/Middleware/DecideWhatToDoWithUser.php b/app/Http/Middleware/DecideWhatToDoWithUser.php index dea9f6a9d..dbf261f4d 100644 --- a/app/Http/Middleware/DecideWhatToDoWithUser.php +++ b/app/Http/Middleware/DecideWhatToDoWithUser.php @@ -18,6 +18,9 @@ public function handle(Request $request, Closure $next): Response } if (auth()?->user()?->currentTeam()) { refreshSession(auth()->user()->currentTeam()); + } elseif (auth()?->user()?->teams?->count() > 0) { + // User's session team is invalid (e.g., removed from team), switch to first available team + refreshSession(auth()->user()->teams->first()); } if (! auth()->user() || ! isCloud()) { if (! isCloud() && showBoarding() && ! in_array($request->path(), allowedPathsForBoardingAccounts())) { diff --git a/app/Livewire/Team/Member.php b/app/Livewire/Team/Member.php index 96c98c637..b1f692365 100644 --- a/app/Livewire/Team/Member.php +++ b/app/Livewire/Team/Member.php @@ -71,11 +71,11 @@ public function remove() || Role::from($this->getMemberRole())->gt(auth()->user()->role())) { throw new \Exception('You are not authorized to perform this action.'); } + $teamId = currentTeam()->id; $this->member->teams()->detach(currentTeam()); + // Clear cache for the removed user - both old and new key formats Cache::forget("team:{$this->member->id}"); - Cache::remember('team:'.$this->member->id, 3600, function () { - return $this->member->teams()->first(); - }); + Cache::forget("user:{$this->member->id}:team:{$teamId}"); $this->dispatch('reloadWindow'); } catch (\Exception $e) { $this->dispatch('error', $e->getMessage()); diff --git a/app/Models/User.php b/app/Models/User.php index 560f21d0f..9437e0747 100644 --- a/app/Models/User.php +++ b/app/Models/User.php @@ -319,6 +319,14 @@ public function currentTeam(): ?Team return null; } + // Check if user actually belongs to this team + if (! $this->teams->contains('id', $sessionTeamId)) { + session()->forget('currentTeam'); + Cache::forget('user:'.$this->id.':team:'.$sessionTeamId); + + return null; + } + return Cache::remember('user:'.$this->id.':team:'.$sessionTeamId, 3600, function () use ($sessionTeamId) { return Team::find($sessionTeamId); });