Updated the user deletion to allow corporate to remove users from their groups, instead of deleting them

src/constants/userPermissions.ts

@@ -10,7 +10,7 @@ export const PERMISSIONS = {
 		developer: ["developer"],
 	},
 	deleteUser: {
-		student: ["teacher", "corporate", "developer", "admin"],
+		student: ["corporate", "developer", "admin"],
 		teacher: ["corporate", "developer", "admin"],
 		corporate: ["admin", "developer"],
 		admin: ["developer", "admin"],

src/pages/api/user.ts

@@ -1,6 +1,6 @@
 import {PERMISSIONS} from "@/constants/userPermissions";
 import {app, adminApp} from "@/firebase";
-import {User} from "@/interfaces/user";
+import {Group, User} from "@/interfaces/user";
 import {sessionOptions} from "@/lib/session";
 import {collection, deleteDoc, doc, getDoc, getDocs, getFirestore, query, setDoc, where} from "firebase/firestore";
 import {getAuth} from "firebase-admin/auth";
@@ -43,6 +43,19 @@ async function del(req: NextApiRequest, res: NextApiResponse) {
 
 	const targetUser = {...docTargetUser.data(), id: docTargetUser.id} as User;
 
+	if (user.type === "corporate" && (targetUser.type === "student" || targetUser.type === "teacher")) {
+		res.json({ok: true});
+
+		const userParticipantGroup = await getDocs(query(collection(db, "groups"), where("participants", "array-contains", id)));
+		await Promise.all([
+			...userParticipantGroup.docs
+				.filter((x) => (x.data() as Group).admin === user.id)
+				.map(async (x) => await setDoc(x.ref, {participants: x.data().participants.filter((y: string) => y !== id)}, {merge: true})),
+		]);
+
+		return;
+	}
+
 	const permission = PERMISSIONS.deleteUser[targetUser.type];
 	if (!permission.includes(user.type)) {
 		res.status(403).json({ok: false});