From c9cac3539c129540a736507908662a20fa839fc4 Mon Sep 17 00:00:00 2001
From: Tiago Ribeiro <tiago.ribeiro@ecrop.dev>
Date: Tue, 2 Jan 2024 11:48:15 +0000
Subject: [PATCH] Made sure it only happens for corporate students

---
 src/pages/api/users/update.ts | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)

diff --git a/src/pages/api/users/update.ts b/src/pages/api/users/update.ts
index e82fdf58..9f194a88 100644
--- a/src/pages/api/users/update.ts
+++ b/src/pages/api/users/update.ts
@@ -110,17 +110,22 @@ async function handler(req: NextApiRequest, res: NextApiResponse) {
 			const credential = await signInWithEmailAndPassword(auth, req.session.user.email, updatedUser.password);
 			await updateEmail(credential.user, updatedUser.email);
 
-			const groups = ((await getDocs(collection(db, "groups"))).docs.map((x) => ({...x.data(), id: x.id})) as Group[]).filter((x) =>
-				x.participants.includes(req.session.user!.id),
-			);
-
-			groups.forEach(async (group) => {
-				await setDoc(
-					doc(db, "groups", group.id),
-					{participants: group.participants.filter((x) => x !== req.session.user!.id)},
-					{merge: true},
+			if (req.session.user.type === "student") {
+				const corporateAdmins = ((await getDocs(collection(db, "users"))).docs.map((x) => ({...x.data(), id: x.id})) as User[])
+					.filter((x) => x.type === "corporate")
+					.map((x) => x.id);
+				const groups = ((await getDocs(collection(db, "groups"))).docs.map((x) => ({...x.data(), id: x.id})) as Group[]).filter(
+					(x) => x.participants.includes(req.session.user!.id) && corporateAdmins.includes(x.admin),
 				);
-			});
+
+				groups.forEach(async (group) => {
+					await setDoc(
+						doc(db, "groups", group.id),
+						{participants: group.participants.filter((x) => x !== req.session.user!.id)},
+						{merge: true},
+					);
+				});
+			}
 		} catch {
 			res.status(400).json({error: "E002", message: errorMessages.E002});
 			return;