From c915ef815df7c7bf774483d68b470aeff6f28ca4 Mon Sep 17 00:00:00 2001
From: Stefan Melmuk <stefan.melmuk@gmail.com>
Date: Tue, 27 Sep 2022 10:10:09 +0200
Subject: [PATCH] allow the removal of non-confirmed owners

ensure user_to_edit and user_to_delete are actually confirmed users,
before checking if they are the last owner of an organization.
---
 src/api/core/organizations.rs | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs
index 3934de88..dca4f393 100644
--- a/src/api/core/organizations.rs
+++ b/src/api/core/organizations.rs
@@ -999,8 +999,11 @@ async fn edit_user(
         err!("Only Owners can edit Owner users")
     }
 
-    if user_to_edit.atype == UserOrgType::Owner && new_type != UserOrgType::Owner {
-        // Removing owner permmission, check that there is at least one other confirmed owner
+    if user_to_edit.atype == UserOrgType::Owner
+        && new_type != UserOrgType::Owner
+        && user_to_edit.status == UserOrgStatus::Confirmed as i32
+    {
+        // Removing owner permission, check that there is at least one other confirmed owner
         if UserOrganization::count_confirmed_by_org_and_type(&org_id, UserOrgType::Owner, &conn).await <= 1 {
             err!("Can't delete the last owner")
         }
@@ -1097,7 +1100,7 @@ async fn _delete_user(org_id: &str, org_user_id: &str, headers: &AdminHeaders, c
         err!("Only Owners can delete Admins or Owners")
     }
 
-    if user_to_delete.atype == UserOrgType::Owner {
+    if user_to_delete.atype == UserOrgType::Owner && user_to_delete.status == UserOrgStatus::Confirmed as i32 {
         // Removing owner, check that there is at least one other confirmed owner
         if UserOrganization::count_confirmed_by_org_and_type(org_id, UserOrgType::Owner, conn).await <= 1 {
             err!("Can't delete the last owner")
-- 
GitLab