refactor: more pbac replacements (#24135)

* getUserConnectedApps

* create teams

* use permission check in team deletion

* team read

* revert

* publish handler

* wip

* revert

* wip

* wip

Author: hbjORbj

packages/trpc/server/routers/viewer/credits/buyCredits.handler.ts

@@ -5,7 +5,7 @@ import { MembershipRepository } from "@calcom/lib/server/repository/membership";
 import { TeamRepository } from "@calcom/lib/server/repository/team";
 import { TeamService } from "@calcom/lib/server/service/teamService";
 import prisma from "@calcom/prisma";
-import { MembershipRole } from "@calcom/prisma/client";
+import { MembershipRole } from "@calcom/prisma/enums";
 import type { TrpcSessionUser } from "@calcom/trpc/server/types";
 
 import { TRPCError } from "@trpc/server";

packages/trpc/server/routers/viewer/credits/getAllCredits.handler.ts

@@ -1,7 +1,7 @@
 import { PermissionCheckService } from "@calcom/features/pbac/services/permission-check.service";
 import { MembershipRepository } from "@calcom/lib/server/repository/membership";
 import { TeamService } from "@calcom/lib/server/service/teamService";
-import { MembershipRole } from "@calcom/prisma/client";
+import { MembershipRole } from "@calcom/prisma/enums";
 import type { TrpcSessionUser } from "@calcom/trpc/server/types";
 
 import { TRPCError } from "@trpc/server";

packages/trpc/server/routers/viewer/organizations/addMembersToEventTypes.handler.ts

@@ -1,7 +1,7 @@
 import { PermissionCheckService } from "@calcom/features/pbac/services/permission-check.service";
 import prisma from "@calcom/prisma";
 import type { Prisma } from "@calcom/prisma/client";
-import { MembershipRole } from "@calcom/prisma/client";
+import { MembershipRole } from "@calcom/prisma/enums";
 
 import { TRPCError } from "@trpc/server";
 

packages/trpc/server/routers/viewer/organizations/deleteTeam.handler.ts

@@ -1,6 +1,6 @@
 import { PermissionCheckService } from "@calcom/features/pbac/services/permission-check.service";
 import { prisma } from "@calcom/prisma";
-import { MembershipRole } from "@calcom/prisma/client";
+import { MembershipRole } from "@calcom/prisma/enums";
 
 import { TRPCError } from "@trpc/server";
 

packages/trpc/server/routers/viewer/organizations/getTeams.handler.ts

@@ -1,3 +1,5 @@
+import { PermissionCheckService } from "@calcom/features/pbac/services/permission-check.service";
+import { MembershipRole } from "@calcom/prisma/enums";
 import { prisma } from "@calcom/prisma";
 
 import { TRPCError } from "@trpc/server";
@@ -16,6 +18,22 @@ export async function getTeamsHandler({ ctx }: GetTeamsHandler) {
 
   if (!currentUserOrgId) throw new TRPCError({ code: "UNAUTHORIZED" });
 
+  // Check if user has permission to read teams in the organization
+  const permissionCheckService = new PermissionCheckService();
+  const hasPermission = await permissionCheckService.checkPermission({
+    userId: currentUser.id,
+    teamId: currentUserOrgId,
+    permission: "team.read",
+    fallbackRoles: [MembershipRole.OWNER, MembershipRole.ADMIN, MembershipRole.MEMBER],
+  });
+
+  if (!hasPermission) {
+    throw new TRPCError({
+      code: "UNAUTHORIZED",
+      message: "You are not authorized to view teams in this organization",
+    });
+  }
+
   const allOrgTeams = await prisma.team.findMany({
     where: {
       parentId: currentUserOrgId,

packages/trpc/server/routers/viewer/organizations/publish.handler.ts

@@ -3,7 +3,7 @@ import { purchaseTeamOrOrgSubscription } from "@calcom/features/ee/teams/lib/pay
 import { PermissionCheckService } from "@calcom/features/pbac/services/permission-check.service";
 import { IS_TEAM_BILLING_ENABLED, WEBAPP_URL } from "@calcom/lib/constants";
 import { prisma } from "@calcom/prisma";
-import { MembershipRole } from "@calcom/prisma/client";
+import { MembershipRole } from "@calcom/prisma/enums";
 import { teamMetadataStrictSchema } from "@calcom/prisma/zod-utils";
 
 import { TRPCError } from "@trpc/server";