support delete org and preserve path on switch

2026-02-18 10:56:38 +00:00 · 2026-02-17 16:45:15 -08:00
parent b71f582329
commit 79cf7c84dc
4 changed files with 61 additions and 18 deletions
--- a/server/routers/external.ts
+++ b/server/routers/external.ts
@@ -86,16 +86,14 @@ authenticated.post(
    org.updateOrg
 );

-if (build !== "saas") {
-    authenticated.delete(
-        "/org/:orgId",
-        verifyOrgAccess,
-        verifyUserIsOrgOwner,
-        verifyUserHasAction(ActionsEnum.deleteOrg),
-        logActionAudit(ActionsEnum.deleteOrg),
-        org.deleteOrg
-    );
-}
+authenticated.delete(
+    "/org/:orgId",
+    verifyOrgAccess,
+    verifyUserIsOrgOwner,
+    verifyUserHasAction(ActionsEnum.deleteOrg),
+    logActionAudit(ActionsEnum.deleteOrg),
+    org.deleteOrg
+);

 authenticated.put(
    "/org/:orgId/site",
--- a/server/routers/org/deleteOrg.ts
+++ b/server/routers/org/deleteOrg.ts
@@ -7,6 +7,8 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 import { deleteOrgById, sendTerminationMessages } from "@server/lib/deleteOrg";
+import { db, userOrgs, orgs } from "@server/db";
+import { eq, and } from "drizzle-orm";

 const deleteOrgSchema = z.strictObject({
    orgId: z.string()
@@ -41,6 +43,48 @@ export async function deleteOrg(
            );
        }
        const { orgId } = parsedParams.data;
+
+        const [data] = await db
+            .select()
+            .from(userOrgs)
+            .innerJoin(orgs, eq(userOrgs.orgId, orgs.orgId))
+            .where(
+                and(
+                    eq(userOrgs.orgId, orgId),
+                    eq(userOrgs.userId, req.user!.userId)
+                )
+            );
+
+        const org = data?.orgs;
+        const userOrg = data?.userOrgs;
+
+        if (!org || !userOrg) {
+            return next(
+                createHttpError(
+                    HttpCode.NOT_FOUND,
+                    `Organization with ID ${orgId} not found`
+                )
+            );
+        }
+
+        if (!userOrg.isOwner) {
+            return next(
+                createHttpError(
+                    HttpCode.FORBIDDEN,
+                    "Only organization owners can delete the organization"
+                )
+            );
+        }
+
+        if (org.isBillingOrg) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    "Cannot delete a primary organization"
+                )
+            );
+        }
+
        const result = await deleteOrgById(orgId);
        sendTerminationMessages(result);
        return response(res, {