[WIP] delete envs

src/app/(dynamic-pages)/(authenticated-pages)/(application-pages)/org/[organizationId]/(specific-organization-pages)/settings/SecretKeyManager.tsx

@@ -8,7 +8,7 @@ import { Dialog, DialogContent, DialogDescription, DialogFooter, DialogHeader, D
 import { Input } from '@/components/ui/input';
 import { Label } from '@/components/ui/label';
 import { motion } from 'framer-motion';
-import { Copy, Trash2 } from 'lucide-react';
+import { Copy, ShieldAlert, Trash2 } from 'lucide-react';
 import { useState } from 'react';
 import { toast } from 'sonner';
 
@@ -80,6 +80,15 @@ export function SecretsKeyManager({ publicKey: initialPublicKey, onCreateKeyPair
                     </CardDescription>
                 </CardHeader>
                 <CardContent>
+                    <Alert variant="default" className="mb-4">
+                        <ShieldAlert className="h-4 w-4" />
+                        <AlertTitle>Security Notice</AlertTitle>
+                        <AlertDescription>
+                            We prioritize your data security. We do not have access to your encrypted data.
+                            If you lose your private key, you'll need to recreate your secrets.
+                            Please ensure you store your private key securely.
+                        </AlertDescription>
+                    </Alert>
                     {publicKey ? (
                         <div className="space-y-4">
                             <div>
@@ -104,10 +113,10 @@ export function SecretsKeyManager({ publicKey: initialPublicKey, onCreateKeyPair
                                 </div>
                             </div>
                             {privateKey && (
-                                <Alert className='bg-muted/50'>
+                                <Alert variant="destructive" className='bg-muted/50'>
                                     <AlertTitle>Private Key (ONLY SHOWN ONCE)</AlertTitle>
                                     <AlertDescription>
-                                        <p className="mb-2">Save this in your GitHub Action Secrets (org level):</p>
+                                        <p className="mb-2">Save this in your GitHub Action Secrets (org level). You will not be able to retrieve it later:</p>
                                         <div className="flex items-center">
                                             <Input
                                                 readOnly
@@ -149,6 +158,7 @@ export function SecretsKeyManager({ publicKey: initialPublicKey, onCreateKeyPair
                                     <DialogTitle>Are you absolutely sure?</DialogTitle>
                                     <DialogDescription>
                                         This action cannot be undone. You will lose all your secrets without the possibility to recover them.
+                                        You will need to recreate your secrets if you proceed.
                                     </DialogDescription>
                                 </DialogHeader>
                                 <DialogFooter>

src/app/(dynamic-pages)/(authenticated-pages)/(application-pages)/org/[organizationId]/(specific-organization-pages)/settings/SetSecretsKey.tsx

@@ -1,5 +1,7 @@
 'use server';
 
+import { deleteAllEnvVars } from '@/data/admin/env-vars';
+import { getProjectIdsOfOrganization } from '@/data/admin/organizations';
 import { createKeyPair, deletePublicKey, getPublicKey } from '@/data/user/secretKey';
 import { SecretsKeyManager } from './SecretKeyManager';
 
@@ -19,6 +21,10 @@ export async function SetSecretsKey({ organizationId }: { organizationId: string
             onDeletePublicKey={async () => {
                 'use server';
                 const result = await deletePublicKey(organizationId);
+                const projectIds = await getProjectIdsOfOrganization(organizationId);
+                for (const projectId of projectIds) {
+                    await deleteAllEnvVars(projectId);
+                }
                 if (result.status === 'error') {
                     throw new Error(result.message);
                 }

src/app/(dynamic-pages)/(authenticated-pages)/(application-pages)/project/[projectSlug]/(specific-project-pages)/tfvars/page.tsx

@@ -1,6 +1,8 @@
 // page.tsx
 import { getAllEnvVars, getOrganizationPublicKey } from "@/data/admin/env-vars";
-import { getSlimProjectBySlug } from "@/data/user/projects";
+import { getLoggedInUserOrganizationRole } from "@/data/user/organizations";
+import { getSlimProjectBySlug, getSlimProjectWithTeamIdBySlug } from "@/data/user/projects";
+import { getLoggedInUserTeamRole } from "@/data/user/teams";
 import { projectSlugParamSchema } from "@/utils/zod-schemas/params";
 import type { Metadata } from "next";
 import TFVarsDetails from '../TFVarsDetails';
@@ -19,18 +21,23 @@ export async function generateMetadata({
 
 export default async function TFVarsPage({ params }: { params: unknown }) {
     const { projectSlug } = projectSlugParamSchema.parse(params);
-    const project = await getSlimProjectBySlug(projectSlug);
-    const [envVars, publicKey] = await Promise.all([
+    const project = await getSlimProjectWithTeamIdBySlug(projectSlug);
+    const [envVars, publicKey, orgRole, teamRole] = await Promise.all([
         getAllEnvVars(project.id),
-        getOrganizationPublicKey(project.organization_id)
+        getOrganizationPublicKey(project.organization_id),
+        getLoggedInUserOrganizationRole(project.organization_id),
+        project.team_id ? getLoggedInUserTeamRole(project.team_id) : Promise.resolve(null)
     ]);
+    const isTeamAdmin = teamRole === 'admin';
+    const isOrgAdmin = orgRole === 'admin' || orgRole === 'owner';
+    const canEdit = isTeamAdmin || isOrgAdmin;
 
     return (
         <div className="flex flex-col space-y-4 max-w-5xl mt-2">
             <TFVarsDetails
                 projectId={project.id}
                 orgId={project.organization_id}
-                isAllowedSecrets={Boolean(publicKey)}
+                isAllowedSecrets={Boolean(publicKey) && canEdit}
                 initialEnvVars={envVars}
             />
         </div>

src/data/admin/env-vars.ts

@@ -146,3 +146,12 @@ export async function getAllEnvVars(projectId: string): Promise<EnvVar[]> {
     }),
   );
 }
+
+export async function deleteAllEnvVars(projectId: string) {
+  const { error } = await supabaseAdminClient
+    .from('env_vars')
+    .delete()
+    .eq('project_id', projectId);
+
+  if (error) throw error;
+}

src/data/admin/organizations.ts

@@ -46,6 +46,15 @@ export async function getPaginatedOrganizationList({
   return data;
 }
 
+export async function getProjectIdsOfOrganization(organizationId: string) {
+  const { data, error } = await supabaseAdminClient
+    .from('projects')
+    .select('id')
+    .eq('organization_id', organizationId);
+  if (error) throw error;
+  return data.map((project) => project.id);
+}
+
 export async function getSlimOrganizationsOfUser(userId: string) {
   const { data: organizations, error: organizationsError } =
     await supabaseAdminClient

src/data/user/projects.tsx

@@ -38,6 +38,19 @@ export const getSlimProjectBySlug = async (projectSlug: string) => {
   return data;
 }
 
+export const getSlimProjectWithTeamIdBySlug = async (projectSlug: string) => {
+  const supabaseClient = createSupabaseUserServerComponentClient();
+  const { data, error } = await supabaseClient
+    .from("projects")
+    .select("id, slug, name, organization_id, team_id")
+    .eq("slug", projectSlug)
+    .single();
+  if (error) {
+    throw error;
+  }
+  return data;
+}
+
 export async function getProjectById(projectId: string) {
   const supabaseClient = createSupabaseUserServerComponentClient();
   const { data, error } = await supabaseClient