chore: remove project at least one owner constraint (#9517)

nunogois · web-flow · commit 6b888abe10a3 · 2025-03-12T10:37:20.000Z
https://linear.app/unleash/issue/2-3393/remove-project-at-least-one-owner-constraint Removes our constraint that the project must have at least one owner.
diff --git a/frontend/src/component/project/ProjectAccess/ProjectAccessTable/ProjectAccessTable.tsx b/frontend/src/component/project/ProjectAccess/ProjectAccessTable/ProjectAccessTable.tsx
@@ -232,12 +232,8 @@ export const ProjectAccessTable: VFC = () => {
                                     ? 'group'
                                     : 'user'
                             }/${row.entity.id}`}
-                            disabled={access?.rows.length === 1}
                             tooltipProps={{
-                                title:
-                                    access?.rows.length === 1
-                                        ? 'Cannot edit access. A project must have at least one owner'
-                                        : 'Edit access',
+                                title: 'Edit access',
                             }}
                         >
                             <Edit />
@@ -253,12 +249,8 @@ export const ProjectAccessTable: VFC = () => {
                                 setSelectedRow(row);
                                 setRemoveOpen(true);
                             }}
-                            disabled={access?.rows.length === 1}
                             tooltipProps={{
-                                title:
-                                    access?.rows.length === 1
-                                        ? 'Cannot remove access. A project must have at least one owner'
-                                        : 'Remove access',
+                                title: 'Remove access',
                             }}
                         >
                             <Delete />
diff --git a/src/lib/error/index.ts b/src/lib/error/index.ts
@@ -10,7 +10,6 @@ import PermissionError from './permission-error';
 import { OperationDeniedError } from './operation-denied-error';
 import UserTokenError from './used-token-error';
 import RoleInUseError from './role-in-use-error';
-import ProjectWithoutOwnerError from './project-without-owner-error';
 import PasswordUndefinedError from './password-undefined';
 import PasswordMismatchError from './password-mismatch';
 import PatternError from './pattern-error';
@@ -32,7 +31,6 @@ export {
     OperationDeniedError,
     UserTokenError,
     RoleInUseError,
-    ProjectWithoutOwnerError,
     PasswordUndefinedError,
     PatternError,
     PasswordMismatchError,
diff --git a/src/lib/error/project-without-owner-error.ts b/src/lib/error/project-without-owner-error.ts
diff --git a/src/lib/error/unleash-error.test.ts b/src/lib/error/unleash-error.test.ts
@@ -10,7 +10,6 @@ import PermissionError from './permission-error';
 import OwaspValidationError from './owasp-validation-error';
 import IncompatibleProjectError from './incompatible-project-error';
 import PasswordUndefinedError from './password-undefined';
-import ProjectWithoutOwnerError from './project-without-owner-error';
 import NotFoundError from './notfound-error';
 import { validateString } from '../util/validators/constraint-types';
 import { fromLegacyError } from './from-legacy-error';
@@ -671,20 +670,6 @@ describe('Error serialization special cases', () => {
             ],
         });
     });
-
-    it('ProjectWithoutOwnerError: adds `validationErrors: []` to the `details` list', () => {
-        const error = new ProjectWithoutOwnerError();
-        const json = error.toJSON();
-
-        expect(json).toMatchObject({
-            details: [
-                {
-                    validationErrors: [],
-                    message: json.message,
-                },
-            ],
-        });
-    });
 });
 
 describe('Stack traces', () => {
diff --git a/src/lib/features/project/project-service.e2e.test.ts b/src/lib/features/project/project-service.e2e.test.ts
@@ -1579,225 +1579,6 @@ test('should able to assign role without existing members', async () => {
     expect(testUsers).toHaveLength(1);
 });
 
-describe('ensure project has at least one owner', () => {
-    test('should not remove user from the project', async () => {
-        const project = {
-            id: 'remove-users-not-allowed',
-            name: 'New project',
-            description: 'Blah',
-            mode: 'open' as const,
-            defaultStickiness: 'clientId',
-        };
-        await projectService.createProject(project, user, auditUser);
-
-        const roles = await stores.roleStore.getRolesForProject(project.id);
-        const ownerRole = roles.find((r) => r.name === RoleName.OWNER)!;
-
-        await expect(async () => {
-            await projectService.removeUser(
-                project.id,
-                ownerRole.id,
-                user.id,
-                auditUser,
-            );
-        }).rejects.toThrowError(
-            new Error('A project must have at least one owner'),
-        );
-
-        await expect(async () => {
-            await projectService.removeUserAccess(
-                project.id,
-                user.id,
-                auditUser,
-            );
-        }).rejects.toThrowError(
-            new Error('A project must have at least one owner'),
-        );
-    });
-
-    test('should be able to remove member user from the project when another is owner', async () => {
-        const project = {
-            id: 'remove-users-members-allowed',
-            name: 'New project',
-            description: 'Blah',
-            mode: 'open' as const,
-            defaultStickiness: 'clientId',
-        };
-        await projectService.createProject(project, user, auditUser);
-
-        const memberRole = await stores.roleStore.getRoleByName(
-            RoleName.MEMBER,
-        );
-
-        const memberUser = await stores.userStore.insert({
-            name: 'Some Name',
-            email: 'member@getunleash.io',
-        });
-
-        await projectService.addAccess(
-            project.id,
-            [memberRole.id],
-            [],
-            [memberUser.id],
-            auditUser,
-        );
-
-        const usersBefore = await projectService.getProjectUsers(project.id);
-        await projectService.removeUserAccess(
-            project.id,
-            memberUser.id,
-            auditUser,
-        );
-        const usersAfter = await projectService.getProjectUsers(project.id);
-        expect(usersBefore).toHaveLength(2);
-        expect(usersAfter).toHaveLength(1);
-    });
-
-    test('should not update role for user on project when she is the owner', async () => {
-        const project = {
-            id: 'update-users-not-allowed',
-            name: 'New project',
-            description: 'Blah',
-            mode: 'open' as const,
-            defaultStickiness: 'clientId',
-        };
-        await projectService.createProject(project, user, auditUser);
-
-        const projectMember1 = await stores.userStore.insert({
-            name: 'Some Member',
-            email: 'update991@getunleash.io',
-        });
-
-        const memberRole = await stores.roleStore.getRoleByName(
-            RoleName.MEMBER,
-        );
-
-        await projectService.addAccess(
-            project.id,
-            [memberRole.id],
-            [], // no groups
-            [projectMember1.id],
-            auditUser,
-        );
-
-        await expect(async () => {
-            await projectService.changeRole(
-                project.id,
-                memberRole.id,
-                user.id,
-                auditUser,
-            );
-        }).rejects.toThrowError(
-            new Error('A project must have at least one owner'),
-        );
-
-        await expect(async () => {
-            await projectService.setRolesForUser(
-                project.id,
-                user.id,
-                [memberRole.id],
-                auditUser,
-            );
-        }).rejects.toThrowError(
-            new Error('A project must have at least one owner'),
-        );
-    });
-
-    async function projectWithGroupOwner(projectId: string) {
-        const project = {
-            id: projectId,
-            name: 'New project',
-            description: 'Blah',
-            mode: 'open' as const,
-            defaultStickiness: 'clientId',
-        };
-        await projectService.createProject(project, user, auditUser);
-
-        const roles = await stores.roleStore.getRolesForProject(project.id);
-        const ownerRole = roles.find((r) => r.name === RoleName.OWNER)!;
-
-        await projectService.addGroup(
-            project.id,
-            ownerRole.id,
-            group.id,
-            auditUser,
-        );
-
-        // this should be fine, leaving the group as the only owner
-        // note group has zero members, but it still acts as an owner
-        await projectService.removeUser(
-            project.id,
-            ownerRole.id,
-            user.id,
-            auditUser,
-        );
-
-        return {
-            project,
-            group,
-            ownerRole,
-        };
-    }
-
-    test('should not remove group from the project', async () => {
-        const { project, group, ownerRole } = await projectWithGroupOwner(
-            'remove-group-not-allowed',
-        );
-
-        await expect(async () => {
-            await projectService.removeGroup(
-                project.id,
-                ownerRole.id,
-                group.id,
-                auditUser,
-            );
-        }).rejects.toThrowError(
-            new Error('A project must have at least one owner'),
-        );
-
-        await expect(async () => {
-            await projectService.removeGroupAccess(
-                project.id,
-                group.id,
-                auditUser,
-            );
-        }).rejects.toThrowError(
-            new Error('A project must have at least one owner'),
-        );
-    });
-
-    test('should not update role for group on project when she is the owner', async () => {
-        const { project, group } = await projectWithGroupOwner(
-            'update-group-not-allowed',
-        );
-        const memberRole = await stores.roleStore.getRoleByName(
-            RoleName.MEMBER,
-        );
-
-        await expect(async () => {
-            await projectService.changeGroupRole(
-                project.id,
-                memberRole.id,
-                group.id,
-                auditUser,
-            );
-        }).rejects.toThrowError(
-            new Error('A project must have at least one owner'),
-        );
-
-        await expect(async () => {
-            await projectService.setRolesForGroup(
-                project.id,
-                group.id,
-                [memberRole.id],
-                auditUser,
-            );
-        }).rejects.toThrowError(
-            new Error('A project must have at least one owner'),
-        );
-    });
-});
-
 test('Should allow bulk update of group permissions', async () => {
     const project = {
         id: 'bulk-update-project',
diff --git a/src/lib/features/project/project-service.test.ts b/src/lib/features/project/project-service.test.ts
@@ -2,7 +2,6 @@ import { createTestConfig } from '../../../test/config/test-config';
 import { BadDataError } from '../../error';
 import { type IBaseEvent, RoleName, TEST_AUDIT_USER } from '../../types';
 import { createFakeProjectService } from './createProjectService';
-import ProjectService from './project-service';
 
 describe('enterprise extension: enable change requests', () => {
     const createService = () => {
@@ -301,44 +300,4 @@ describe('enterprise extension: enable change requests', () => {
             ),
         ).resolves.toBeTruthy();
     });
-
-    test('has at least one owner after deletion when group has the role and a project user for role exists', async () => {
-        const config = createTestConfig();
-        const projectId = 'fake-project-id';
-        const service = new ProjectService(
-            {
-                projectStore: {} as any,
-                projectOwnersReadModel: {} as any,
-                projectFlagCreatorsReadModel: {} as any,
-                eventStore: {} as any,
-                featureToggleStore: {} as any,
-                environmentStore: {} as any,
-                featureEnvironmentStore: {} as any,
-                accountStore: {} as any,
-                projectStatsStore: {} as any,
-                projectReadModel: {} as any,
-                onboardingReadModel: {} as any,
-            },
-            config,
-            {
-                getProjectUsersForRole: async () =>
-                    Promise.resolve([{ id: 1 } as any]),
-            } as any,
-            {} as any,
-            {
-                getProjectGroups: async () =>
-                    Promise.resolve([{ roles: [2, 5] } as any]),
-            } as any,
-            {} as any,
-            {} as any,
-            {} as any,
-            {} as any,
-        );
-
-        await service.validateAtLeastOneOwner(projectId, {
-            id: 5,
-            name: 'Owner',
-            type: 'Owner',
-        });
-    });
 });
diff --git a/src/lib/features/project/project-service.ts b/src/lib/features/project/project-service.ts
