refactor(user): streamline user deletion process and enhance team management logic

2025-06-25 12:14:35 +02:00
parent 7fb85314e5
commit e746e212cb
4 changed files with 105 additions and 66 deletions
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -72,6 +72,92 @@ class User extends Authenticatable implements SendsEmail
            $new_team = Team::create($team);
            $user->teams()->attach($new_team, ['role' => 'owner']);
        });
+
+        static::deleting(function (User $user) {
+
+            $teams = $user->teams;
+            foreach ($teams as $team) {
+                $user_alone_in_team = $team->members->count() === 1;
+
+                // Prevent deletion if user is alone in root team
+                if ($team->id === 0 && $user_alone_in_team) {
+                    throw new \Exception('User is alone in the root team, cannot delete');
+                }
+
+                if ($user_alone_in_team) {
+                    static::finalizeTeamDeletion($user, $team);
+                    // Delete any pending team invitations for this user
+                    TeamInvitation::whereEmail($user->email)->delete();
+
+                    continue;
+                }
+
+                // Load the user's role for this team
+                $userRole = $team->members->where('id', $user->id)->first()?->pivot?->role;
+
+                if ($userRole === 'owner') {
+                    $found_other_owner_or_admin = $team->members->filter(function ($member) use ($user) {
+                        return ($member->pivot->role === 'owner' || $member->pivot->role === 'admin') && $member->id !== $user->id;
+                    })->first();
+
+                    if ($found_other_owner_or_admin) {
+                        $team->members()->detach($user->id);
+
+                        continue;
+                    } else {
+                        $found_other_member_who_is_not_owner = $team->members->filter(function ($member) {
+                            return $member->pivot->role === 'member';
+                        })->first();
+
+                        if ($found_other_member_who_is_not_owner) {
+                            $found_other_member_who_is_not_owner->pivot->role = 'owner';
+                            $found_other_member_who_is_not_owner->pivot->save();
+                            $team->members()->detach($user->id);
+                        } else {
+                            static::finalizeTeamDeletion($user, $team);
+                        }
+
+                        continue;
+                    }
+                } else {
+                    $team->members()->detach($user->id);
+                }
+            }
+        });
+    }
+
+    /**
+     * Finalize team deletion by cleaning up all associated resources
+     */
+    private static function finalizeTeamDeletion(User $user, Team $team)
+    {
+        $servers = $team->servers;
+        foreach ($servers as $server) {
+            $resources = $server->definedResources();
+            foreach ($resources as $resource) {
+                $resource->forceDelete();
+            }
+            $server->forceDelete();
+        }
+
+        $projects = $team->projects;
+        foreach ($projects as $project) {
+            $project->forceDelete();
+        }
+
+        $team->members()->detach($user->id);
+        $team->delete();
+    }
+
+    /**
+     * Delete the user if they are not verified and have a force password reset.
+     * This is used to clean up users that have been invited, does not accepted the invitation (and did not verify their email and have a force password reset).
+     */
+    public function deleteIfNotVerifiedAndForcePasswordReset()
+    {
+        if ($this->hasVerifiedEmail() === false && $this->force_password_reset === true) {
+            $this->delete();
+        }
    }

    public function recreate_personal_team()