From 9d221cc62c4f6e94e048de86eccbd6a470b2312c Mon Sep 17 00:00:00 2001
From: Milan Pavlik <milan@gitpod.io>
Date: Tue, 11 Oct 2022 08:14:22 +0000
Subject: [PATCH] [server] Prevent changing role for teams of size 1

---
 components/gitpod-db/src/typeorm/team-db-impl.ts | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/components/gitpod-db/src/typeorm/team-db-impl.ts b/components/gitpod-db/src/typeorm/team-db-impl.ts
index 5a1ed24a53d7aa..b986bf623092a3 100644
--- a/components/gitpod-db/src/typeorm/team-db-impl.ts
+++ b/components/gitpod-db/src/typeorm/team-db-impl.ts
@@ -203,6 +203,18 @@ export class TeamDBImpl implements TeamDB {
             throw new ResponseError(ErrorCodes.NOT_FOUND, "A team with this ID could not be found");
         }
         const membershipRepo = await this.getMembershipRepo();
+
+        if (role != "owner") {
+            const ownerCount = await membershipRepo.count({
+                teamId,
+                role: "owner",
+                deleted: false,
+            });
+            if (ownerCount <= 1) {
+                throw new ResponseError(ErrorCodes.CONFLICT, "Team must retain at least one owner");
+            }
+        }
+
         const membership = await membershipRepo.findOne({ teamId, userId, deleted: false });
         if (!membership) {
             throw new ResponseError(ErrorCodes.NOT_FOUND, "The user is not currently a member of this team");