@capgo/cli 4.2.3 → 4.2.7

package/src/app/add.ts

@@ -37,7 +37,7 @@ export async function addApp(appId: string, options: Options, throwErr = true) {
   }
   const supabase = await createSupabaseClient(options.apikey)
 
-  const userId = await verifyUser(supabase, options.apikey, ['write', 'all'])
+  let userId = await verifyUser(supabase, options.apikey, ['write', 'all'])
 
   await checkPlanValid(supabase, userId, options.apikey, undefined, false)
 
@@ -51,6 +51,37 @@ export async function addApp(appId: string, options: Options, throwErr = true) {
     return true
   }
 
+  const { error: orgError, data: allOrganizations } = await supabase
+    .rpc('get_orgs_v4')
+
+  if (orgError) {
+    p.log.error('Cannot get the list of organizations - exiting')
+    p.log.error(`Error ${JSON.stringify(orgError)}`)
+    program.error('')
+  }
+
+  const adminOrgs = allOrganizations.filter(org => org.role === 'admin' || org.role === 'super_admin')
+
+  const organizationUidRaw = (adminOrgs.length > 1)
+    ? await p.select({
+      message: 'Please pick the organization that you want to insert to',
+      options: adminOrgs.map((org) => {
+        return { value: org.gid, label: org.name }
+      }),
+    })
+    : adminOrgs[0].gid
+
+  if (p.isCancel(organizationUidRaw)) {
+    p.log.error('Canceled organization selection, exiting')
+    program.error('')
+  }
+
+  const organizationUid = organizationUidRaw as string
+  const organization = allOrganizations.find(org => org.gid === organizationUid)!
+  userId = organization.created_by
+
+  p.log.info(`Using the organization "${organization.name}" as the app owner`)
+
   let { name, icon } = options
   appId = appId || config?.app?.appId
   name = name || config?.app?.appName || 'Unknown'
@@ -106,7 +137,7 @@ export async function addApp(appId: string, options: Options, throwErr = true) {
     .from('apps')
     .insert({
       icon_url: signedURL,
-      user_id: userId,
+      owner_org: organizationUid,
       name,
       app_id: appId,
     })
@@ -117,12 +148,12 @@ export async function addApp(appId: string, options: Options, throwErr = true) {
   const { error: dbVersionError } = await supabase
     .from('app_versions')
     .insert([{
-      user_id: userId,
+      owner_org: organizationUid,
       deleted: true,
       name: 'unknown',
       app_id: appId,
     }, {
-      user_id: userId,
+      owner_org: organizationUid,
       deleted: true,
       name: 'builtin',
       app_id: appId,

package/src/app/debug.ts

@@ -4,9 +4,15 @@ import type { SupabaseClient } from '@supabase/supabase-js'
 import { program } from 'commander'
 import type LogSnag from 'logsnag'
 import type { Database } from '../types/supabase.types'
-import { checkAppExistsAndHasPermissionErr } from '../api/app'
+import { checkAppExistsAndHasPermissionOrgErr } from '../api/app'
 import { checkLatest } from '../api/update'
-import { convertAppName, createSupabaseClient, findSavedKey, formatError, getConfig, getLocalConfig, useLogSnag, verifyUser, wait } from '../utils'
+import { OrganizationPerm, convertAppName, createSupabaseClient, findSavedKey, formatError, getConfig, getLocalConfig, useLogSnag, verifyUser } from '../utils'
+
+function wait(ms: number) {
+  return new Promise((resolve) => {
+    setTimeout(resolve, ms)
+  })
+}
 
 export interface OptionsBaseDebug {
   apikey: string
@@ -194,7 +200,7 @@ export async function debugApp(appId: string, options: OptionsBaseDebug) {
   p.log.info(`Getting active bundle in Capgo`)
 
   // Check we have app access to this appId
-  await checkAppExistsAndHasPermissionErr(supabase, options.apikey, appId)
+  await checkAppExistsAndHasPermissionOrgErr(supabase, options.apikey, appId, OrganizationPerm.admin)
 
   const doRun = await p.confirm({ message: `Automatic check if update working in device ?` })
   await cancelCommand('debug', doRun, userId, snag)

package/src/app/delete.ts

@@ -1,9 +1,9 @@
 import process from 'node:process'
 import { program } from 'commander'
 import * as p from '@clack/prompts'
-import { checkAppExistsAndHasPermissionErr } from '../api/app'
+import { checkAppExistsAndHasPermissionOrgErr } from '../api/app'
 import type { OptionsBase } from '../utils'
-import { createSupabaseClient, findSavedKey, getConfig, useLogSnag, verifyUser } from '../utils'
+import { OrganizationPerm, createSupabaseClient, findSavedKey, formatError, getConfig, useLogSnag, verifyUser } from '../utils'
 
 export async function deleteApp(appId: string, options: OptionsBase) {
   p.intro(`Deleting`)
@@ -24,7 +24,45 @@ export async function deleteApp(appId: string, options: OptionsBase) {
 
   const userId = await verifyUser(supabase, options.apikey, ['write', 'all'])
   // Check we have app access to this appId
-  await checkAppExistsAndHasPermissionErr(supabase, options.apikey, appId)
+  await checkAppExistsAndHasPermissionOrgErr(supabase, options.apikey, appId, OrganizationPerm.super_admin)
+
+  const { data: appOwnerRaw, error: appOwnerError } = await supabase.from('apps')
+    .select(`owner_org ( created_by )`)
+    .eq('app_id', appId)
+    .single()
+
+  const appOwner = appOwnerRaw as { owner_org: { created_by: string } } | null
+
+  if (!appOwnerError && (appOwner?.owner_org.created_by ?? '') !== userId) {
+    // We are dealing with a member user that is not the owner
+    // Deleting the app is not recomended at this stage
+
+    p.log.warn('Deleting the app is not recomended for users that are not the organization owner')
+    p.log.warn('You are invited as a super_admin but your are not the owner')
+    p.log.warn('It\'s strongly recomended that you do not continue!')
+
+    const shouldContinue = await p.select({
+      message: 'Do you want to continue?',
+      options: [
+        {
+          label: 'Yes',
+          value: 'yes',
+        },
+        {
+          label: 'No',
+          value: 'no',
+        },
+      ],
+    })
+
+    if (p.isCancel(shouldContinue) || shouldContinue === 'no') {
+      p.log.error('Canceled deleting the app, exiting')
+      program.error('')
+    }
+  }
+  else if (appOwnerError) {
+    p.log.warn(`Cannot get the app owner ${formatError(appOwnerError)}`)
+  }
 
   const { error } = await supabase
     .storage
@@ -37,10 +75,10 @@ export async function deleteApp(appId: string, options: OptionsBase) {
     .storage
     .from(`apps/${appId}/${userId}`)
     .remove(['versions'])
-  if (delError) {
+  if (delError)
     p.log.error('Could not delete app version')
-    program.error('')
-  }
+  // We should not care too much, most is in r2 anyways :/
+  // program.error('')
 
   const { error: dbError } = await supabase
     .from('apps')

package/src/app/set.ts

@@ -5,8 +5,8 @@ import mime from 'mime'
 import { program } from 'commander'
 import * as p from '@clack/prompts'
 import type { Options } from '../api/app'
-import { checkAppExistsAndHasPermissionErr, newIconPath } from '../api/app'
-import { createSupabaseClient, findSavedKey, formatError, getConfig, verifyUser } from '../utils'
+import { checkAppExistsAndHasPermissionOrgErr, newIconPath } from '../api/app'
+import { OrganizationPerm, createSupabaseClient, findSavedKey, formatError, getConfig, verifyUser } from '../utils'
 
 export async function setApp(appId: string, options: Options) {
   p.intro(`Set app`)
@@ -26,11 +26,11 @@ export async function setApp(appId: string, options: Options) {
 
   const userId = await verifyUser(supabase, options.apikey, ['write', 'all'])
   // Check we have app access to this appId
-  await checkAppExistsAndHasPermissionErr(supabase, options.apikey, appId)
+  await checkAppExistsAndHasPermissionOrgErr(supabase, options.apikey, appId, OrganizationPerm.admin)
 
   const { name, icon, retention } = options
 
-  if (retention && !Number.isNaN(Number(retention))) {
+  if (retention && Number.isNaN(Number(retention))) {
     p.log.error(`retention value must be a number`)
     program.error(``)
   }

package/src/bundle/cleanup.ts

@@ -6,9 +6,9 @@ import promptSync from 'prompt-sync'
 import type { SupabaseClient } from '@supabase/supabase-js'
 import type { Database } from '../types/supabase.types'
 import type { OptionsBase } from '../utils'
-import { createSupabaseClient, findSavedKey, getConfig, getHumanDate, verifyUser } from '../utils'
+import { OrganizationPerm, createSupabaseClient, findSavedKey, getConfig, getHumanDate, verifyUser } from '../utils'
 import { deleteSpecificVersion, displayBundles, getActiveAppVersions, getChannelsVersion } from '../api/versions'
-import { checkAppExistsAndHasPermissionErr } from '../api/app'
+import { checkAppExistsAndHasPermissionOrgErr } from '../api/app'
 import { checkLatest } from '../api/update'
 
 interface Options extends OptionsBase {
@@ -57,15 +57,14 @@ export async function cleanupBundle(appid: string, options: Options) {
   }
   const supabase = await createSupabaseClient(options.apikey)
 
-  const userId = await verifyUser(supabase, options.apikey)
+  const userId = await verifyUser(supabase, options.apikey, ['write', 'all'])
 
   // Check we have app access to this appId
-  await checkAppExistsAndHasPermissionErr(supabase, options.apikey, appid)
+  await checkAppExistsAndHasPermissionOrgErr(supabase, options.apikey, appid, OrganizationPerm.write)
   p.log.info(`Querying all available versions in Capgo`)
 
   // Get all active app versions we might possibly be able to cleanup
-  let allVersions: (Database['public']['Tables']['app_versions']['Row'] & { keep?: string })[] = await
-  getActiveAppVersions(supabase, appid, userId)
+  let allVersions: (Database['public']['Tables']['app_versions']['Row'] & { keep?: string })[] = await getActiveAppVersions(supabase, appid, userId)
 
   const versionInUse = await getChannelsVersion(supabase, appid)
 

package/src/bundle/compatibility.ts

@@ -2,8 +2,8 @@ import * as p from '@clack/prompts'
 import { program } from 'commander'
 import { Table } from 'console-table-printer'
 import type { OptionsBase } from '../utils'
-import { checkCompatibility, createSupabaseClient, findSavedKey, getConfig, verifyUser } from '../utils'
-import { checkAppExistsAndHasPermissionErr } from '../api/app'
+import { OrganizationPerm, checkCompatibility, createSupabaseClient, findSavedKey, getConfig, verifyUser } from '../utils'
+import { checkAppExistsAndHasPermissionOrgErr } from '../api/app'
 
 interface Options extends OptionsBase {
   channel?: string
@@ -36,7 +36,7 @@ export async function checkCompatibilityCommand(appId: string, options: Options)
   await verifyUser(supabase, options.apikey, ['write', 'all', 'read', 'upload'])
 
   // Check we have app access to this appId
-  await checkAppExistsAndHasPermissionErr(supabase, options.apikey, appId)
+  await checkAppExistsAndHasPermissionOrgErr(supabase, options.apikey, appId, OrganizationPerm.read)
 
   // const hashedLocalDependencies = new Map(dependenciesObject
   //     .filter((a) => !!a.native && a.native !== undefined)

package/src/bundle/delete.ts

@@ -1,9 +1,9 @@
 import process from 'node:process'
 import { program } from 'commander'
 import * as p from '@clack/prompts'
-import { checkAppExistsAndHasPermissionErr } from '../api/app'
+import { checkAppExistsAndHasPermissionOrgErr } from '../api/app'
 import type { OptionsBase } from '../utils'
-import { createSupabaseClient, findSavedKey, getConfig, verifyUser } from '../utils'
+import { OrganizationPerm, createSupabaseClient, findSavedKey, getConfig, verifyUser } from '../utils'
 import { deleteSpecificVersion } from '../api/versions'
 
 interface Options extends OptionsBase {
@@ -28,7 +28,7 @@ export async function deleteBundle(bundleId: string, appId: string, options: Opt
 
   const userId = await verifyUser(supabase, options.apikey, ['write', 'all'])
   // Check we have app access to this appId
-  await checkAppExistsAndHasPermissionErr(supabase, options.apikey, appId)
+  await checkAppExistsAndHasPermissionOrgErr(supabase, options.apikey, appId, OrganizationPerm.write)
 
   appId = appId || config?.app?.appId
   if (!options.apikey) {

package/src/bundle/list.ts

@@ -1,10 +1,10 @@
 import process from 'node:process'
 import { program } from 'commander'
 import * as p from '@clack/prompts'
-import { checkAppExistsAndHasPermissionErr } from '../api/app'
+import { checkAppExistsAndHasPermissionOrgErr } from '../api/app'
 import { displayBundles, getActiveAppVersions } from '../api/versions'
 import type { OptionsBase } from '../utils'
-import { createSupabaseClient, findSavedKey, getConfig, verifyUser } from '../utils'
+import { OrganizationPerm, createSupabaseClient, findSavedKey, getConfig, verifyUser } from '../utils'
 import { checkLatest } from '../api/update'
 
 export async function listBundle(appId: string, options: OptionsBase) {
@@ -30,7 +30,7 @@ export async function listBundle(appId: string, options: OptionsBase) {
   p.log.info(`Querying available versions of: ${appId} in Capgo`)
 
   // Check we have app access to this appId
-  await checkAppExistsAndHasPermissionErr(supabase, options.apikey, appId)
+  await checkAppExistsAndHasPermissionOrgErr(supabase, options.apikey, appId, OrganizationPerm.read)
 
   // Get all active app versions we might possibly be able to cleanup
   const allVersions = await getActiveAppVersions(supabase, appId, userId)

package/src/bundle/unlink.ts

@@ -4,11 +4,12 @@ import * as p from '@clack/prompts'
 import { getVersionData } from '../api/versions'
 import { checkVersionNotUsedInDeviceOverride } from '../api/devices_override'
 import { checkVersionNotUsedInChannel } from '../api/channels'
-import { checkAppExistsAndHasPermissionErr } from '../api/app'
+import { checkAppExistsAndHasPermissionOrgErr } from '../api/app'
 import type {
   OptionsBase,
 } from '../utils'
 import {
+  OrganizationPerm,
   checkPlanValid,
   createSupabaseClient,
   findSavedKey,
@@ -23,7 +24,7 @@ interface Options extends OptionsBase {
 }
 
 export async function unlinkDevice(channel: string, appId: string, options: Options) {
-  p.intro(`Unlink bundle`)
+  p.intro(`Unlink bundle ${options.apikey}`)
   options.apikey = options.apikey || findSavedKey()
   const config = await getConfig()
   appId = appId || config?.app?.appId
@@ -46,9 +47,9 @@ export async function unlinkDevice(channel: string, appId: string, options: Opti
   }
   const supabase = await createSupabaseClient(options.apikey)
 
-  const userId = await verifyUser(supabase, options.apikey, ['write', 'all'])
+  const userId = await verifyUser(supabase, options.apikey, ['all', 'write'])
   // Check we have app access to this appId
-  await checkAppExistsAndHasPermissionErr(supabase, options.apikey, appId)
+  await checkAppExistsAndHasPermissionOrgErr(supabase, options.apikey, appId, OrganizationPerm.write)
 
   if (!channel) {
     p.log.error('Missing argument, you need to provide a channel')
@@ -57,8 +58,8 @@ export async function unlinkDevice(channel: string, appId: string, options: Opti
   try {
     await checkPlanValid(supabase, userId, options.apikey, appId)
 
-    const versionData = await getVersionData(supabase, appId, userId, bundle)
-    await checkVersionNotUsedInChannel(supabase, appId, userId, versionData)
+    const versionData = await getVersionData(supabase, appId, bundle)
+    await checkVersionNotUsedInChannel(supabase, appId, versionData)
     await checkVersionNotUsedInDeviceOverride(supabase, appId, versionData)
     await snag.track({
       channel: 'bundle',

package/src/bundle/upload.ts

@@ -15,6 +15,7 @@ import type {
   OptionsBase,
 } from '../utils'
 import {
+  EMPTY_UUID,
   OrganizationPerm,
   baseKeyPub,
   checkCompatibility,
@@ -60,7 +61,7 @@ export async function uploadBundle(appid: string, options: Options, shouldExit =
   p.intro(`Uploading`)
   await checkLatest()
   let { bundle, path, channel } = options
-  const { external, key = false, displayIvSession, autoMinUpdateVersion, ignoreMetadataCheck } = options
+  const { external, key, displayIvSession, autoMinUpdateVersion, ignoreMetadataCheck } = options
   let { minUpdateVersion } = options
   options.apikey = options.apikey || findSavedKey()
   const snag = useLogSnag()
@@ -212,9 +213,6 @@ export async function uploadBundle(appid: string, options: Options, shouldExit =
     p.log.error(`Version already exists ${formatError(appVersionError)}`)
     program.error('')
   }
-  // make bundle safe for s3 name https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html
-  const safeBundle = bundle.replace(/[^a-zA-Z0-9-_.!*'()]/g, '__')
-  const fileName = `${safeBundle}.zip`
 
   let sessionKey
   let checksum = ''
@@ -227,7 +225,11 @@ export async function uploadBundle(appid: string, options: Options, shouldExit =
     s.start(`Calculating checksum`)
     checksum = await getChecksum(zipped, 'crc32')
     s.stop(`Checksum: ${checksum}`)
-    if (key || existsSync(baseKeyPub)) {
+    // key should be undefined or a string if false it should ingore encryption
+    if (key === false) {
+      p.log.info(`Encryption ignored`)
+    }
+    else if (key || existsSync(baseKeyPub)) {
       const publicKey = typeof key === 'string' ? key : baseKeyPub
       let keyData = options.keyData || ''
       // check if publicKey exist
@@ -314,8 +316,7 @@ It will be also visible in your dashboard\n`)
   const appOwner = await getAppOwner(supabase, appid)
 
   const versionData = {
-    bucket_id: external ? undefined : fileName,
-    user_id: appOwner,
+    // bucket_id: external ? undefined : fileName,
     name: bundle,
     app_id: appid,
     session_key: sessionKey,
@@ -323,6 +324,8 @@ It will be also visible in your dashboard\n`)
     storage_provider: external ? 'external' : 'r2-direct',
     minUpdateVersion,
     native_packages: nativePackages,
+    owner_org: EMPTY_UUID,
+    user_id: userId,
     checksum,
   }
   const { error: dbError } = await updateOrCreateVersion(supabase, versionData)
@@ -334,7 +337,7 @@ It will be also visible in your dashboard\n`)
     const spinner = p.spinner()
     spinner.start(`Uploading Bundle`)
 
-    const url = await uploadUrl(supabase, appid, fileName)
+    const url = await uploadUrl(supabase, appid, bundle)
     if (!url) {
       p.log.error(`Cannot get upload url`)
       program.error('')
@@ -368,6 +371,7 @@ It will be also visible in your dashboard\n`)
       app_id: appid,
       created_by: appOwner,
       version: versionId,
+      owner_org: EMPTY_UUID,
     })
     if (dbError3) {
       p.log.error(`Cannot set channel, the upload key is not allowed to do that, use the "all" for this. ${formatError(dbError3)}`)

package/src/bundle/zip.ts

@@ -112,15 +112,6 @@ export async function zipBundle(appId: string, options: Options) {
   if (!json)
     s2.stop(`Saved to ${name}`)
 
-  if (options.json) {
-    const output = {
-      bundle,
-      filename: name,
-      checksum,
-    }
-    p.log.info(formatError(output))
-  }
-
   await snag.track({
     channel: 'app',
     event: 'App zip',
@@ -133,5 +124,16 @@ export async function zipBundle(appId: string, options: Options) {
 
   if (!json)
     p.outro(`Done ✅`)
+
+  if (json) {
+    const output = {
+      bundle,
+      filename: name,
+      checksum,
+    }
+    // Keep the console log and stringify
+    // eslint-disable-next-line no-console
+    console.log(JSON.stringify(output, null, 2))
+  }
   process.exit()
 }

package/src/channel/add.ts

@@ -1,10 +1,10 @@
 import process from 'node:process'
 import { program } from 'commander'
 import * as p from '@clack/prompts'
-import { checkAppExistsAndHasPermissionErr } from '../api/app'
+import { checkAppExistsAndHasPermissionOrgErr } from '../api/app'
 import { createChannel, findUnknownVersion } from '../api/channels'
 import type { OptionsBase } from '../utils'
-import { createSupabaseClient, findSavedKey, getConfig, useLogSnag, verifyUser } from '../utils'
+import { EMPTY_UUID, OrganizationPerm, createSupabaseClient, findSavedKey, getConfig, useLogSnag, verifyUser } from '../utils'
 
 interface Options extends OptionsBase {
   default?: boolean
@@ -29,7 +29,7 @@ export async function addChannel(channelId: string, appId: string, options: Opti
 
   const userId = await verifyUser(supabase, options.apikey, ['write', 'all'])
   // Check we have app access to this appId
-  await checkAppExistsAndHasPermissionErr(supabase, options.apikey, appId)
+  await checkAppExistsAndHasPermissionOrgErr(supabase, options.apikey, appId, OrganizationPerm.admin)
 
   p.log.info(`Creating channel ${appId}#${channelId} to Capgo`)
   try {
@@ -42,7 +42,7 @@ export async function addChannel(channelId: string, appId: string, options: Opti
       name: channelId,
       app_id: appId,
       version: data.id,
-      created_by: userId,
+      owner_org: EMPTY_UUID,
     })
     p.log.success(`Channel created ✅`)
     await snag.track({

package/src/channel/currentBundle.ts

@@ -1,9 +1,9 @@
 import process from 'node:process'
 import { program } from 'commander'
 import * as p from '@clack/prompts'
-import { checkAppExistsAndHasPermissionErr } from '../api/app'
+import { checkAppExistsAndHasPermissionOrgErr } from '../api/app'
 import type { OptionsBase } from '../utils'
-import { createSupabaseClient, findSavedKey, getConfig, verifyUser } from '../utils'
+import { OrganizationPerm, createSupabaseClient, findSavedKey, getConfig, verifyUser } from '../utils'
 
 interface Options extends OptionsBase {
   channel?: string
@@ -36,9 +36,9 @@ export async function currentBundle(channel: string, appId: string, options: Opt
   }
   const supabase = await createSupabaseClient(options.apikey)
 
-  const userId = await verifyUser(supabase, options.apikey, ['write', 'all', 'read'])
+  const _userId = await verifyUser(supabase, options.apikey, ['write', 'all', 'read'])
   // Check we have app access to this appId
-  await checkAppExistsAndHasPermissionErr(supabase, options.apikey, appId)
+  await checkAppExistsAndHasPermissionOrgErr(supabase, options.apikey, appId, OrganizationPerm.read)
 
   if (!channel) {
     p.log.error(`Please provide a channel to get the bundle from.`)
@@ -50,7 +50,6 @@ export async function currentBundle(channel: string, appId: string, options: Opt
     .select('version ( name )')
     .eq('name', channel)
     .eq('app_id', appId)
-    .eq('created_by', userId)
     .limit(1)
 
   if (error || supabaseChannel.length === 0) {

package/src/channel/delete.ts

@@ -1,10 +1,10 @@
 import process from 'node:process'
 import { program } from 'commander'
 import * as p from '@clack/prompts'
-import { checkAppExistsAndHasPermissionErr } from '../api/app'
+import { checkAppExistsAndHasPermissionOrgErr } from '../api/app'
 import { delChannel } from '../api/channels'
 import type { OptionsBase } from '../utils'
-import { createSupabaseClient, findSavedKey, getConfig, useLogSnag, verifyUser } from '../utils'
+import { OrganizationPerm, createSupabaseClient, findSavedKey, getConfig, useLogSnag, verifyUser } from '../utils'
 
 export async function deleteChannel(channelId: string, appId: string, options: OptionsBase) {
   p.intro(`Delete channel`)
@@ -25,7 +25,7 @@ export async function deleteChannel(channelId: string, appId: string, options: O
 
   const userId = await verifyUser(supabase, options.apikey, ['write', 'all'])
   // Check we have app access to this appId
-  await checkAppExistsAndHasPermissionErr(supabase, options.apikey, appId)
+  await checkAppExistsAndHasPermissionOrgErr(supabase, options.apikey, appId, OrganizationPerm.admin)
 
   p.log.info(`Deleting channel ${appId}#${channelId} from Capgo`)
   try {

package/src/channel/list.ts

@@ -1,10 +1,10 @@
 import process from 'node:process'
 import { program } from 'commander'
 import * as p from '@clack/prompts'
-import { checkAppExistsAndHasPermissionErr } from '../api/app'
+import { checkAppExistsAndHasPermissionOrgErr } from '../api/app'
 import { displayChannels, getActiveChannels } from '../api/channels'
 import type { OptionsBase } from '../utils'
-import { createSupabaseClient, findSavedKey, getConfig, useLogSnag, verifyUser } from '../utils'
+import { OrganizationPerm, createSupabaseClient, findSavedKey, getConfig, useLogSnag, verifyUser } from '../utils'
 
 export async function listChannels(appId: string, options: OptionsBase) {
   p.intro(`List channels`)
@@ -24,7 +24,7 @@ export async function listChannels(appId: string, options: OptionsBase) {
 
   const userId = await verifyUser(supabase, options.apikey, ['write', 'all', 'read', 'upload'])
   // Check we have app access to this appId
-  await checkAppExistsAndHasPermissionErr(supabase, options.apikey, appId)
+  await checkAppExistsAndHasPermissionOrgErr(supabase, options.apikey, appId, OrganizationPerm.read)
 
   p.log.info(`Querying available channels in Capgo`)
 

package/src/channel/set.ts

@@ -2,11 +2,12 @@ import process from 'node:process'
 import { program } from 'commander'
 import * as p from '@clack/prompts'
 import type { Database } from '../types/supabase.types'
-import { checkAppExistsAndHasPermissionErr } from '../api/app'
+import { checkAppExistsAndHasPermissionOrgErr } from '../api/app'
 import type {
   OptionsBase,
 } from '../utils'
 import {
+  OrganizationPerm,
   checkPlanValid,
   createSupabaseClient,
   findSavedKey,
@@ -51,7 +52,7 @@ export async function setChannel(channel: string, appId: string, options: Option
 
   const userId = await verifyUser(supabase, options.apikey, ['write', 'all'])
   // Check we have app access to this appId
-  await checkAppExistsAndHasPermissionErr(supabase, options.apikey, appId)
+  await checkAppExistsAndHasPermissionOrgErr(supabase, options.apikey, appId, OrganizationPerm.admin)
 
   const { bundle, latest, downgrade, upgrade, ios, android, selfAssign, state, disableAutoUpdate } = options
   if (!channel) {

package/src/index.ts

@@ -148,12 +148,13 @@ bundle
   .action(listBundle)
   .option('-a, --apikey <apikey>', 'apikey to link to your account')
 
-bundle
-  .command('unlink [appId]')
-  .description('Unlink a bundle in Capgo Cloud')
-  .action(listBundle)
-  .option('-a, --apikey <apikey>', 'apikey to link to your account')
-  .option('-b, --bundle <bundle>', 'bundle version number of the bundle to unlink')
+// TODO: Fix this command!
+// bundle
+//   .command('unlink [appId]')
+//   .description('Unlink a bundle in Capgo Cloud')
+//   .action(listBundle)
+//   .option('-a, --apikey <apikey>', 'apikey to link to your account')
+//   .option('-b, --bundle <bundle>', 'bundle version number of the bundle to unlink')
 
 bundle
   .command('cleanup [appId]')