
teams: editor/viewer team admin cant remove the last admin.

Leonard Gram %!s(int64=6) %!d(string=hai) anos
pai
achega
c420af16b1

+ 5 - 1
pkg/api/team_members.go

@@ -67,6 +67,10 @@ func UpdateTeamMember(c *m.ReqContext, cmd m.UpdateTeamMemberCommand) Response {
 		return Error(403, "Not allowed to update team member", err)
 	}
 
+	if c.OrgRole != m.ROLE_ADMIN {
+		cmd.ProtectLastAdmin = true
+	}
+
 	cmd.TeamId = teamId
 	cmd.UserId = c.ParamsInt64(":userId")
 	cmd.OrgId = orgId
@@ -91,7 +95,7 @@ func (hs *HTTPServer) RemoveTeamMember(c *m.ReqContext) Response {
 	}
 
 	protectLastAdmin := false
-	if c.OrgRole == m.ROLE_EDITOR {
+	if c.OrgRole != m.ROLE_ADMIN {
 		protectLastAdmin = true
 	}
 

+ 5 - 4
pkg/models/team_member.go

@@ -35,10 +35,11 @@ type AddTeamMemberCommand struct {
 }
 
 type UpdateTeamMemberCommand struct {
-	UserId     int64          `json:"-"`
-	OrgId      int64          `json:"-"`
-	TeamId     int64          `json:"-"`
-	Permission PermissionType `json:"permission"`
+	UserId           int64          `json:"-"`
+	OrgId            int64          `json:"-"`
+	TeamId           int64          `json:"-"`
+	Permission       PermissionType `json:"permission"`
+	ProtectLastAdmin bool           `json:"-"`
 }
 
 type RemoveTeamMemberCommand struct {
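Review bot: ProtectLastAdmin is an authorization switch, and the only thing that keeps a caller from supplying it is the `json:"-"` tag on the new field; nothing in the struct says so. I would add a comment above it, e.g. `// ProtectLastAdmin is set by the API handler from the caller's org role and must never be bound from the request body.` If this command is ever bound by something other than JSON (no such path is visible here), that binding should be checked to ignore the field as well.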

+ 12 - 0
pkg/services/sqlstore/team.go

@@ -271,6 +271,18 @@ func UpdateTeamMember(cmd *m.UpdateTeamMemberCommand) error {
 			return m.ErrTeamMemberNotFound
 		}
 
+		if cmd.ProtectLastAdmin {
+			lastAdmin, err := isLastAdmin(sess, cmd.OrgId, cmd.TeamId, cmd.UserId)
+			if err != nil {
+				return err
+			}
+
+			if lastAdmin {
+				return m.ErrLastTeamAdmin
+			}
+
+		}
+
 		if cmd.Permission != m.PERMISSION_ADMIN {
 			cmd.Permission = 0
 		}
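Review bot: The new last-admin check runs for every update when ProtectLastAdmin is set, before the requested permission is looked at, so an update that keeps the last admin as admin would presumably also be rejected with ErrLastTeamAdmin (isLastAdmin is not visible in this hunk, so this depends on what it returns). Restricting the guard to demotions avoids that: `if cmd.ProtectLastAdmin && cmd.Permission != m.PERMISSION_ADMIN {`. The blank line before the closing brace of the new block can go as well. It is also worth confirming that the check and the write that follows run in one transaction, so that two concurrent demotions cannot both pass it; the rest of the function is outside the hunk.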

+ 11 - 1
pkg/services/sqlstore/team_test.go

@@ -190,11 +190,21 @@ func TestTeamCommandsAndQueries(t *testing.T) {
 				})
 
 				Convey("A user should be able to remove an admin if there are other admins", func() {
-					err = AddTeamMember(&m.AddTeamMemberCommand{OrgId: testOrgId, TeamId: group1.Result.Id, UserId: userIds[1], Permission: m.PERMISSION_ADMIN})
+					AddTeamMember(&m.AddTeamMemberCommand{OrgId: testOrgId, TeamId: group1.Result.Id, UserId: userIds[1], Permission: m.PERMISSION_ADMIN})
 					err = RemoveTeamMember(&m.RemoveTeamMemberCommand{OrgId: testOrgId, TeamId: group1.Result.Id, UserId: userIds[0], ProtectLastAdmin: true})
 					So(err, ShouldEqual, nil)
 				})
 
+				Convey("A user should not be able to remove the admin permission for the last admin", func() {
+					err = UpdateTeamMember(&m.UpdateTeamMemberCommand{OrgId: testOrgId, TeamId: group1.Result.Id, UserId: userIds[0], Permission: 0, ProtectLastAdmin: true})
+					So(err, ShouldEqual, m.ErrLastTeamAdmin)
+				})
+
+				Convey("A user should be able to remove the admin permission if there are other admins", func() {
+					AddTeamMember(&m.AddTeamMemberCommand{OrgId: testOrgId, TeamId: group1.Result.Id, UserId: userIds[1], Permission: m.PERMISSION_ADMIN})
+					err = UpdateTeamMember(&m.UpdateTeamMemberCommand{OrgId: testOrgId, TeamId: group1.Result.Id, UserId: userIds[0], Permission: 0, ProtectLastAdmin: true})
+					So(err, ShouldEqual, nil)
+				})
 			})
 
 			Convey("Should be able to remove a group with users and permissions", func() {
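Review bot: Both AddTeamMember calls on the new side discard their error, so if the setup that adds the second admin fails, the two "if there are other admins" cases fail or pass for a reason unrelated to the guard under test. Keeping `err = AddTeamMember(...)` followed by `So(err, ShouldBeNil)` makes the precondition explicit; if the add is expected to fail because the member already exists, that deserves a comment instead of a silently dropped error. A further case that updates the last admin with `Permission: m.PERMISSION_ADMIN` and `ProtectLastAdmin: true` would pin down whether a no-op update is allowed.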