From 24319b841735a5fe2dbe27250602282ec4316dc0 Mon Sep 17 00:00:00 2001
From: Damodar Lohani
Date: Sun, 17 Mar 2024 14:51:27 +0545
Subject: [PATCH 1/3] Fix membership query to use internalId
---
 app/controllers/api/teams.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/controllers/api/teams.php b/app/controllers/api/teams.php
index 308f19e45e..aa74a49760 100644
--- a/app/controllers/api/teams.php
+++ b/app/controllers/api/teams.php
@@ -694,7 +694,7 @@ App::get('/v1/teams/:teamId/memberships')
 }
 // Set internal queries
- $queries[] = Query::equal('teamId', [$teamId]);
+ $queries[] = Query::equal('teamInternalId', [$team->getInternalId()]);
 // Get cursor document if there was a cursor query
 $cursor = \array_filter($queries, function ($query) {
From 4fcb399867b181666532844d9aa79f1d62a8e4b0 Mon Sep 17 00:00:00 2001
From: Damodar Lohani
Date: Sun, 17 Mar 2024 14:54:08 +0545
Subject: [PATCH 2/3] use team internal id for membership check on update
---
 app/controllers/api/teams.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/app/controllers/api/teams.php b/app/controllers/api/teams.php
index aa74a49760..d6a98e5340 100644
--- a/app/controllers/api/teams.php
+++ b/app/controllers/api/teams.php
@@ -894,16 +894,16 @@ App::patch('/v1/teams/:teamId/memberships/:membershipId/status')
 throw new Exception(Exception::MEMBERSHIP_NOT_FOUND);
 }
- if ($membership->getAttribute('teamId') !== $teamId) {
- throw new Exception(Exception::TEAM_MEMBERSHIP_MISMATCH);
- }
-
 $team = Authorization::skip(fn() => $dbForProject->getDocument('teams', $teamId));
 if ($team->isEmpty()) {
 throw new Exception(Exception::TEAM_NOT_FOUND);
 }
+ if ($membership->getAttribute('teamInternalId') !== $team->getInternalId()) {
+ throw new Exception(Exception::TEAM_MEMBERSHIP_MISMATCH);
+ }
+
 if (Auth::hash($secret) !== $membership->getAttribute('secret')) {
 throw new Exception(Exception::TEAM_INVALID_SECRET);
 }
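Review bot: In PATCH 1/3 (`App::get('/v1/teams/:teamId/memberships')`), the new filter `Query::equal('teamInternalId', [$team->getInternalId()])` only matches membership documents that carry a `teamInternalId` attribute, so any rows written without it would silently drop out of the listing. The strict `!==` checks added in PATCH 2/3 and 3/3 rest on the same assumption, and such rows would presumably fail there with TEAM_MEMBERSHIP_MISMATCH. Nothing in the series shows a backfill, so confirm every membership document has the attribute. The line also relies on `$team` having been loaded and checked with `isEmpty()` earlier in the action, which lies outside this hunk. A short comment would record the intent: `// Scope by the team's internal ID, not the client-supplied teamId`.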
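Review bot: In PATCH 2/3 (`App::patch('/v1/teams/:teamId/memberships/:membershipId/status')`), moving the mismatch check below the team lookup changes which error a caller sees. A request with a valid membershipId and some other teamId now gets TEAM_NOT_FOUND when that team does not exist and TEAM_MEMBERSHIP_MISMATCH when it does, and the lookup runs under `Authorization::skip`, so read permissions do not mask the difference. Before the change every non-matching teamId produced the same mismatch error. If team existence should not be observable on this route, return one error for both cases, e.g. `if ($team->isEmpty() || $membership->getAttribute('teamInternalId') !== $team->getInternalId()) { throw new Exception(Exception::TEAM_MEMBERSHIP_MISMATCH); }`; the delete route in PATCH 3/3 has the same ordering. Separately, the unchanged line `Auth::hash($secret) !== $membership->getAttribute('secret')` would be better as a constant-time `hash_equals()` comparison.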
From 05221334e2a195ebd699133a9f81535b1041b7c5 Mon Sep 17 00:00:00 2001
From: Damodar Lohani
Date: Sun, 17 Mar 2024 14:55:31 +0545
Subject: [PATCH 3/3] use team internal id in delete memberships
---
 app/controllers/api/teams.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/app/controllers/api/teams.php b/app/controllers/api/teams.php
index d6a98e5340..978429e51c 100644
--- a/app/controllers/api/teams.php
+++ b/app/controllers/api/teams.php
@@ -1020,10 +1020,6 @@ App::delete('/v1/teams/:teamId/memberships/:membershipId')
 throw new Exception(Exception::TEAM_INVITE_NOT_FOUND);
 }
- if ($membership->getAttribute('teamId') !== $teamId) {
- throw new Exception(Exception::TEAM_MEMBERSHIP_MISMATCH);
- }
-
 $user = $dbForProject->getDocument('users', $membership->getAttribute('userId'));
 if ($user->isEmpty()) {
@@ -1036,6 +1032,10 @@ App::delete('/v1/teams/:teamId/memberships/:membershipId')
 throw new Exception(Exception::TEAM_NOT_FOUND);
 }
+ if ($membership->getAttribute('teamInternalId') !== $team->getInternalId()) {
+ throw new Exception(Exception::TEAM_MEMBERSHIP_MISMATCH);
+ }
+
 $dbForProject->deleteDocument('memberships', $membership->getId());
 $dbForProject->deleteCachedDocument('users', $user->getId());
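Review bot: In the second hunk of PATCH 3/3 (`App::delete('/v1/teams/:teamId/memberships/:membershipId')`), the relocated mismatch check is now the last guard before `deleteDocument('memberships', ...)`, yet nothing marks it as the step that ties the membershipId to the team named in the route. A comment directly above it would keep a later refactor from moving or dropping it: `// Bind the membership to the route's team before deleting; compare internal IDs, not teamId`. The team lookup that feeds `$team->getInternalId()` lies outside the hunk, so its permission handling cannot be checked from here. A test that requests deletion of one team's membership through a different team's route and expects TEAM_MEMBERSHIP_MISMATCH would pin the behaviour.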