Access certain pages of team / organization pages with no access crashes app #15104

Closed
Shaik-Sirajuddin opened this issue May 18, 2024 · 1 comment · Fixed by #15106
Labels
🐛 bug (Something isn't working); teams (area: teams, round robin, collective, managed event-types)

@Shaik-Sirajuddin
Contributor

Found a bug? Please fill out the sections below. 👍

Issue Summary

The official hosted version of cal.com crashes when accessing certain pages of teams or organizations with no access.

Steps to Reproduce

  1. Visit links
    /settings/teams/4/members
    /settings/teams/4/profile
  2. User is redirected and crash occurs

Any other relevant information. For example, why do you consider this a bug and what did you expect to happen instead?

Actual Results

  • user is redirected and app crashes

Expected Results

  • successful redirection

Evidence

#15061 (comment)


dosubot bot commented May 18, 2024

The issue you're encountering with accessing certain team and organization pages without proper access rights, leading to an application crash, appears to be a bug related to how unauthorized access is handled. This problem is similar to the one reported in GitHub issue [CAL-3715], which involves users seeing an empty page instead of being redirected when attempting to access organization-related pages without proper authorization. The intended fix, as discussed in pull request #15103, aims to address unauthorized access by implementing server-side checks to ensure that only users with the appropriate roles and permissions can access certain pages.

The key aspects of the fix involve:

  • Verifying if the user is part of an organization and has an OWNER or ADMIN role.
  • Implementing checks to return a notFound response if the user does not meet the necessary criteria, effectively blocking unauthorized access.

However, it seems there might be an unhandled edge case or a bug in the access control or redirection logic, especially concerning team pages, which could be causing the crash. The application's mechanism for handling unauthorized access involves both OrganizationRolesGuard and server-side checks, designed to manage access based on user roles within an organization.

To further diagnose and potentially resolve this issue, it would be helpful to have more details about the error message or crash report you're encountering, as well as information about your user role and membership status within the team or organization you're attempting to access. This additional information could provide crucial insights into the cause of the crash and how to address it.

About Dosu
This response is meant to be useful and save you time. It is not meant to be a precise solution, but rather a starting point for your own research.

Help me be more useful! Please leave a 👍 if this is helpful and 👎 if it is irrelevant.

To continue the conversation, mention @dosu.

@dosubot dosubot bot added teams (area: teams, round robin, collective, managed event-types) and 🐛 bug (Something isn't working) labels May 18, 2024
@dosubot dosubot bot added this to the v4.2 milestone May 20, 2024
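
The server-side check described in the bot comment above, sketched as an added example; it is not cal.com's code and not part of the issue thread. The names `Membership`, `MEMBERSHIPS` and `guardTeamSettings`, the login path, and the choice to treat these settings pages as OWNER/ADMIN-only are assumptions made for illustration.

```typescript
// Added example: server-side guard for /settings/teams/[id]/... pages.
// Every identifier below is hypothetical, not taken from the cal.com code base.
type Role = "OWNER" | "ADMIN" | "MEMBER";
type Membership = { userId: number; teamId: number; role: Role; accepted: boolean };

type GuardResult =
  | { notFound: true }
  | { redirect: { destination: string; permanent: false } }
  | { props: { teamId: number; role: Role } };

// Constructed sample data standing in for the membership table.
const MEMBERSHIPS: Membership[] = [
  { userId: 1, teamId: 4, role: "OWNER", accepted: true },
  { userId: 2, teamId: 4, role: "MEMBER", accepted: true },
  { userId: 3, teamId: 4, role: "ADMIN", accepted: false }, // invite not yet accepted
];

const ADMIN_ROLES: ReadonlySet<Role> = new Set<Role>(["OWNER", "ADMIN"]);

function guardTeamSettings(sessionUserId: number | null, rawTeamId: string | undefined): GuardResult {
  // Unauthenticated: redirect to login (assumed path) instead of rendering.
  if (sessionUserId === null) {
    return { redirect: { destination: "/auth/login", permanent: false } };
  }
  // Reject ids that are not plain positive integers ("4abc", "-1", "", undefined).
  if (rawTeamId === undefined || !/^[1-9]\d*$/.test(rawTeamId)) {
    return { notFound: true };
  }
  const teamId = Number(rawTeamId);
  const membership = MEMBERSHIPS.find((m) => m.userId === sessionUserId && m.teamId === teamId);

  // No membership row is the "no access" case from the issue: handle the missing
  // value here so nothing downstream reads .role from undefined.
  // The response matches "team does not exist", so it does not confirm team ids.
  if (!membership || !membership.accepted || !ADMIN_ROLES.has(membership.role)) {
    return { notFound: true };
  }
  return { props: { teamId, role: membership.role } };
}
```

Because the decision is made before any page data is loaded, the client-side guard only has to handle presentation and never sees a team the user cannot administer.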