chore: prevent removing members from the default organization

Emyrk · Emyrk · commit d3fb4630d174 · 2024-08-01T13:10:42.000-05:00
Until multi-organizations is released outside an experiment, the
experiment should be backwards compatible.
diff --git a/coderd/members.go b/coderd/members.go
@@ -106,6 +106,19 @@ func (api *API) deleteOrganizationMember(rw http.ResponseWriter, r *http.Request
 	aReq.Old = member.OrganizationMember.Auditable(member.Username)
 	defer commitAudit()
 
+	if organization.IsDefault {
+		// Multi-organizations is currently an experiment, which means it is feasible
+		// for a deployment to enable, then disable this. To maintain backwards
+		// compatibility, this safety is necessary.
+		// TODO: Remove this check when multi-organizations is fully supported.
+		httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
+			Message:     "Removing members from the default organization is not supported.",
+			Detail:      "Multi-organizations is currently an experiment, and until it is fully supported, the default org should be protected.",
+			Validations: nil,
+		})
+		return
+	}
+
 	if member.UserID == apiKey.UserID {
 		httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{Message: "cannot remove self from an organization"})
 		return
