server/api/controllers/card-memberships/delete.js

/*!
 * Copyright (c) 2024 PLANKA Software GmbH
 * Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
 */

/**
 * @swagger
 * /api/cards/{cardId}/memberships/{userId}:
 *   delete:
 *     summary: Remove user from card
 *     description: Removes a user from a card. Requires board editor permissions.
 *     tags:
 *       - Card Memberships
 *     parameters:
 *       - name: cardId
 *         in: path
 *         required: true
 *         description: ID of the card to remove the user from
 *         schema:
 *           type: string
 *           example: 1357158568008091264
 *       - name: userId
 *         in: path
 *         required: true
 *         description: ID of the user to remove from the card
 *         schema:
 *           type: string
 *           example: 1357158568008091265
 *     responses:
 *       200:
 *         description: User removed from card successfully
 *         content:
 *           application/json:
 *             schema:
 *               type: object
 *               required:
 *                 - item
 *               properties:
 *                 item:
 *                   $ref: '#/components/schemas/CardMembership'
 *       400:
 *         $ref: '#/components/responses/ValidationError'
 *       401:
 *         $ref: '#/components/responses/Unauthorized'
 *       403:
 *         $ref: '#/components/responses/Forbidden'
 *       404:
 *         $ref: '#/components/responses/NotFound'
 */

const { idInput } = require('../../../utils/inputs');

const Errors = {
  NOT_ENOUGH_RIGHTS: {
    notEnoughRights: 'Not enough rights',
  },
  CARD_NOT_FOUND: {
    cardNotFound: 'Card not found',
  },
  USER_NOT_CARD_MEMBER: {
    userNotCardMember: 'User not card member',
  },
};

module.exports = {
  inputs: {
    cardId: {
      ...idInput,
      required: true,
    },
    userId: {
      ...idInput,
      required: true,
    },
  },

  exits: {
    notEnoughRights: {
      responseType: 'forbidden',
    },
    cardNotFound: {
      responseType: 'notFound',
    },
    userNotCardMember: {
      responseType: 'notFound',
    },
  },

  async fn(inputs) {
    const { currentUser } = this.req;

    const { card, list, board, project } = await sails.helpers.cards
      .getPathToProjectById(inputs.cardId)
      .intercept('pathNotFound', () => Errors.CARD_NOT_FOUND);

    const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
      board.id,
      currentUser.id,
    );

    if (!boardMembership) {
      throw Errors.CARD_NOT_FOUND; // Forbidden
    }

    if (boardMembership.role !== BoardMembership.Roles.EDITOR) {
      throw Errors.NOT_ENOUGH_RIGHTS;
    }

    let cardMembership = await CardMembership.qm.getOneByCardIdAndUserId(
      inputs.cardId,
      inputs.userId,
    );

    if (!cardMembership) {
      throw Errors.USER_NOT_CARD_MEMBER;
    }

    const user = await User.qm.getOneById(cardMembership.userId);

    cardMembership = await sails.helpers.cardMemberships.deleteOne.with({
      user,
      project,
      board,
      list,
      card,
      record: cardMembership,
      actorUser: currentUser,
      request: this.req,
    });

    if (!cardMembership) {
      throw Errors.USER_NOT_CARD_MEMBER;
    }

    return {
      item: cardMembership,
    };
  },
};
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`/*!`
			`* Copyright (c) 2024 PLANKA Software GmbH`
			`* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md`
			`*/`

docs: Add full Swagger JSDoc coverage 2025-09-08 16:20:27 +02:00			`/**`
			`* @swagger`
			`* /api/cards/{cardId}/memberships/{userId}:`
			`* delete:`
			`* summary: Remove user from card`
			`* description: Removes a user from a card. Requires board editor permissions.`
			`* tags:`
			`* - Card Memberships`
			`* parameters:`
			`* - name: cardId`
			`* in: path`
			`* required: true`
			`* description: ID of the card to remove the user from`
			`* schema:`
			`* type: string`
			`* example: 1357158568008091264`
			`* - name: userId`
			`* in: path`
			`* required: true`
			`* description: ID of the user to remove from the card`
			`* schema:`
			`* type: string`
			`* example: 1357158568008091265`
			`* responses:`
			`* 200:`
			`* description: User removed from card successfully`
			`* content:`
			`* application/json:`
			`* schema:`
			`* type: object`
			`* required:`
			`* - item`
			`* properties:`
			`* item:`
			`* $ref: '#/components/schemas/CardMembership'`
			`* 400:`
			`* $ref: '#/components/responses/ValidationError'`
			`* 401:`
			`* $ref: '#/components/responses/Unauthorized'`
			`* 403:`
			`* $ref: '#/components/responses/Forbidden'`
			`* 404:`
			`* $ref: '#/components/responses/NotFound'`
			`*/`

feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`const { idInput } = require('../../../utils/inputs');`

Initial commit 2019-08-31 04:07:25 +05:00			`const Errors = {`
feat: Permissions for board members Closes #262 2022-08-19 14:00:40 +02:00			`NOT_ENOUGH_RIGHTS: {`
			`notEnoughRights: 'Not enough rights',`
			`},`
Initial commit 2019-08-31 04:07:25 +05:00			`CARD_NOT_FOUND: {`
Add username to user 2020-04-03 00:35:25 +05:00			`cardNotFound: 'Card not found',`
Initial commit 2019-08-31 04:07:25 +05:00			`},`
Add username to user 2020-04-03 00:35:25 +05:00			`USER_NOT_CARD_MEMBER: {`
			`userNotCardMember: 'User not card member',`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`},`
Initial commit 2019-08-31 04:07:25 +05:00			`};`

			`module.exports = {`
			`inputs: {`
			`cardId: {`
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`...idInput,`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`required: true,`
Initial commit 2019-08-31 04:07:25 +05:00			`},`
			`userId: {`
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`...idInput,`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`required: true,`
			`},`
Initial commit 2019-08-31 04:07:25 +05:00			`},`

			`exits: {`
feat: Permissions for board members Closes #262 2022-08-19 14:00:40 +02:00			`notEnoughRights: {`
			`responseType: 'forbidden',`
			`},`
Add username to user 2020-04-03 00:35:25 +05:00			`cardNotFound: {`
			`responseType: 'notFound',`
			`},`
			`userNotCardMember: {`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`responseType: 'notFound',`
			`},`
Initial commit 2019-08-31 04:07:25 +05:00			`},`

Project managers, board members, auto-update after reconnection, refactoring 2021-06-24 01:05:22 +05:00			`async fn(inputs) {`
Initial commit 2019-08-31 04:07:25 +05:00			`const { currentUser } = this.req;`

feat: Webhooks configuration, all events support, refactoring 2024-06-12 00:51:36 +02:00			`const { card, list, board, project } = await sails.helpers.cards`
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`.getPathToProjectById(inputs.cardId)`
Add username to user 2020-04-03 00:35:25 +05:00			`.intercept('pathNotFound', () => Errors.CARD_NOT_FOUND);`
Initial commit 2019-08-31 04:07:25 +05:00
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(`
			`board.id,`
			`currentUser.id,`
			`);`
Initial commit 2019-08-31 04:07:25 +05:00
feat: Permissions for board members Closes #262 2022-08-19 14:00:40 +02:00			`if (!boardMembership) {`
Initial commit 2019-08-31 04:07:25 +05:00			`throw Errors.CARD_NOT_FOUND; // Forbidden`
			`}`

feat: Permissions for board members Closes #262 2022-08-19 14:00:40 +02:00			`if (boardMembership.role !== BoardMembership.Roles.EDITOR) {`
			`throw Errors.NOT_ENOUGH_RIGHTS;`
			`}`

feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`let cardMembership = await CardMembership.qm.getOneByCardIdAndUserId(`
			`inputs.cardId,`
			`inputs.userId,`
			`);`
Initial commit 2019-08-31 04:07:25 +05:00
			`if (!cardMembership) {`
Add username to user 2020-04-03 00:35:25 +05:00			`throw Errors.USER_NOT_CARD_MEMBER;`
Initial commit 2019-08-31 04:07:25 +05:00			`}`

feat: Log action when user is removed from card 2025-05-17 22:24:37 +02:00			`const user = await User.qm.getOneById(cardMembership.userId);`

ref: Remove board types, refactoring 2022-12-26 21:10:50 +01:00			`cardMembership = await sails.helpers.cardMemberships.deleteOne.with({`
feat: Log action when user is removed from card 2025-05-17 22:24:37 +02:00			`user,`
feat: Webhooks configuration, all events support, refactoring 2024-06-12 00:51:36 +02:00			`project,`
ref: Remove board types, refactoring 2022-12-26 21:10:50 +01:00			`board,`
feat: Webhooks configuration, all events support, refactoring 2024-06-12 00:51:36 +02:00			`list,`
feat: Events via webhook (#771) Closes #215, closes #656 2024-06-06 20:22:14 +02:00			`card,`
ref: Remove board types, refactoring 2022-12-26 21:10:50 +01:00			`record: cardMembership,`
feat: Webhooks configuration, all events support, refactoring 2024-06-12 00:51:36 +02:00			`actorUser: currentUser,`
ref: Remove board types, refactoring 2022-12-26 21:10:50 +01:00			`request: this.req,`
			`});`
Initial commit 2019-08-31 04:07:25 +05:00
			`if (!cardMembership) {`
Add username to user 2020-04-03 00:35:25 +05:00			`throw Errors.USER_NOT_CARD_MEMBER;`
Initial commit 2019-08-31 04:07:25 +05:00			`}`

Project managers, board members, auto-update after reconnection, refactoring 2021-06-24 01:05:22 +05:00			`return {`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`item: cardMembership,`
Project managers, board members, auto-update after reconnection, refactoring 2021-06-24 01:05:22 +05:00			`};`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`},`
Initial commit 2019-08-31 04:07:25 +05:00			`};`