From 65d9704f2beb9f7fb4ab69741fedf767bce8ec96 Mon Sep 17 00:00:00 2001
From: Riddhesh Mahajan <40472653+riddhesh-mahajan@users.noreply.github.com>
Date: Fri, 12 Jan 2024 19:37:39 +0530
Subject: [PATCH] fix: add check for already used slug (#13076)

* add check for already used slug

* Update _patch.ts

Removed comment that added no value based on the code. Renamed const

---------

Co-authored-by: Keith Williams <keithwillcode@gmail.com>
---
 apps/api/pages/api/teams/[teamId]/_patch.ts | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/apps/api/pages/api/teams/[teamId]/_patch.ts b/apps/api/pages/api/teams/[teamId]/_patch.ts
index e1cfe2a865..cdc11dfc7d 100644
--- a/apps/api/pages/api/teams/[teamId]/_patch.ts
+++ b/apps/api/pages/api/teams/[teamId]/_patch.ts
@@ -58,6 +58,7 @@ export async function patchHandler(req: NextApiRequest) {
   const { prisma, body, userId } = req;
   const data = schemaTeamUpdateBodyParams.parse(body);
   const { teamId } = schemaQueryTeamId.parse(req.query);
+
   /** Only OWNERS and ADMINS can edit teams */
   const _team = await prisma.team.findFirst({
     include: { members: true },
@@ -65,6 +66,18 @@ export async function patchHandler(req: NextApiRequest) {
   });
   if (!_team) throw new HttpError({ statusCode: 401, message: "Unauthorized: OWNER or ADMIN required" });
 
+  const slugAlreadyExists = await prisma.team.findFirst({
+    where: {
+      slug: {
+        mode: "insensitive",
+        equals: data.slug,
+      },
+    },
+  });
+  
+  if (slugAlreadyExists && data.slug !== _team.slug)
+    throw new HttpError({ statusCode: 409, message: "Team slug already exists" });
+
   // Check if parentId is related to this user
   if (data.parentId && data.parentId === teamId) {
     throw new HttpError({