
fix(db): prevent user team change when tickets reference the user #283

Open
g-k-s-03 wants to merge 2 commits into AOSSIE-Org:main from g-k-s-03:fix/prevent-user-team-change-with-tickets

@g-k-s-03 g-k-s-03 commented Jun 16, 2026

Fixes #237

Problem

No database-level enforcement existed to prevent a user's team_id from
being changed while tickets still reference them as created_by or
assigned_to. This caused silent cross-team data integrity violations.

Root Cause

Verified across all 10 migration files — no BEFORE UPDATE trigger on the
users table and no constraint preventing team_id changes for referenced users.

Fix

Added migration 20251021110000_prevent_user_team_change_trigger.sql:

  • Creates prevent_user_team_change_if_tickets_exist() trigger function
  • Fires BEFORE UPDATE ON users for each row
  • Only activates when OLD.team_id IS DISTINCT FROM NEW.team_id
  • Raises an exception if any ticket references the user as created_by or assigned_to
  • Allows the update if no such tickets exist

Testing

  1. Create a user in team A
  2. Create a ticket with that user as created_by
  3. Attempt to change the user's team_id to team B
  4. Confirm the database raises an error and blocks the update
  5. Delete or reassign the ticket, then retry — confirm the team change succeeds

Summary by CodeRabbit

  • Bug Fixes
    • Team changes are now prevented if a user has associated tickets, ensuring consistency across the system.

coderabbitai Bot commented Jun 16, 2026


ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 5972ee58-d997-4538-b473-7ae5b52bd292

📥 Commits

Reviewing files that changed from the base of the PR and between b77689d and f157202.

📒 Files selected for processing (1)
  • supabase/migrations/20251021110000_prevent_user_team_change_trigger.sql

Walkthrough

A new Supabase migration adds a PL/pgSQL trigger function prevent_user_team_change_if_tickets_exist() and a BEFORE UPDATE trigger prevent_user_team_change on the users table. The function raises an exception when a team_id change is attempted on a user who is referenced in the tickets table as created_by or assigned_to.

Changes

Prevent user team change when tickets exist

| Layer / File(s) | Summary |
|---|---|
| Trigger function and wiring (supabase/migrations/20251021110000_prevent_user_team_change_trigger.sql) | Defines prevent_user_team_change_if_tickets_exist() to raise an exception when users.team_id is modified for any user referenced in tickets as created_by or assigned_to, and registers it as a BEFORE UPDATE FOR EACH ROW trigger on the users table. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~5 minutes

Poem

🐇 A bunny guards the ticket trail,
No team shall shift without a wail!
If tickets cling to your old name,
The trigger blocks — the DB's sane.
Hop safely now, no data pain! 🎉

🚥 Pre-merge checks | ✅ 4
✅ Passed checks (4 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title clearly summarizes the main change: adding a database trigger to prevent users from changing their team assignment when referenced in tickets, which directly aligns with the primary objective of the PR. |
| Linked Issues check | ✅ Passed | The PR fully implements the requirement from issue #237: a trigger function prevents team changes when tickets reference the user as created_by or assigned_to, blocking updates with an exception in such cases. |
| Out of Scope Changes check | ✅ Passed | All changes are directly related to implementing the data integrity fix specified in issue #237; no unrelated or out-of-scope modifications are present in the migration file. |


@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@supabase/migrations/20251021110000_prevent_user_team_change_trigger.sql`:
- Around line 6-11: The trigger prevents team changes by checking if a user is
referenced in tickets, but this check has a race condition where another
transaction can insert a ticket between the EXISTS check and the UPDATE commit.
To fix this, add a BEFORE INSERT or BEFORE UPDATE trigger on the tickets table
that validates the team consistency before allowing any ticket insertion or
update. Specifically, the new trigger should ensure that when created_by or
assigned_to are set on a ticket, the referenced user's team_id matches the
ticket's team_id. This enforcement at the source (tickets table) will prevent
concurrent inserts from bypassing the original team-change prevention logic by
making it impossible to create references to users in different teams in the
first place.
- Around line 2-3: The trigger function
prevent_user_team_change_if_tickets_exist() uses unqualified relation names and
function references that depend on search_path for resolution, which creates a
security and correctness risk. Qualify all table references (tickets and users
on lines 7, 18, and 20) with their schema prefix (e.g., public.tickets,
public.users) and ensure any function calls within the trigger are also
schema-qualified. This ensures the trigger operates on the intended tables
regardless of how search_path is configured.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 15c6fc40-c6c6-44e5-b38d-e9211ada689f

📥 Commits

Reviewing files that changed from the base of the PR and between 36cb2b8 and b77689d.

📒 Files selected for processing (1)
  • supabase/migrations/20251021110000_prevent_user_team_change_trigger.sql

Comment thread supabase/migrations/20251021110000_prevent_user_team_change_trigger.sql Outdated
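
The two findings in the review above (names resolved through search_path, and the gap between the EXISTS check and commit) applied to the trigger this PR describes, as an added example that is not the PR's migration or CodeRabbit's own code. Assumptions: the schema listed in the first comment, PostgreSQL's default READ COMMITTED isolation level, and the hypothetical name enforce_ticket_user_team.

```sql
-- Added example. Assumed schema (the migration itself is not shown on the page):
--   public.users(id, team_id)
--   public.tickets(id, team_id, created_by, assigned_to)
CREATE OR REPLACE FUNCTION public.prevent_user_team_change_if_tickets_exist()
RETURNS trigger LANGUAGE plpgsql
SET search_path = ''  -- nothing resolves through the caller's search_path
AS $$
BEGIN
  IF OLD.team_id IS DISTINCT FROM NEW.team_id AND EXISTS (
       SELECT 1 FROM public.tickets t
        WHERE t.created_by = OLD.id OR t.assigned_to = OLD.id) THEN
    RAISE EXCEPTION 'user % is referenced by tickets; team_id cannot change', OLD.id
      USING ERRCODE = 'integrity_constraint_violation';
  END IF;
  RETURN NEW;
END;
$$;

DROP TRIGGER IF EXISTS prevent_user_team_change ON public.users;
CREATE TRIGGER prevent_user_team_change
  BEFORE UPDATE ON public.users
  FOR EACH ROW EXECUTE FUNCTION public.prevent_user_team_change_if_tickets_exist();

-- Ticket-side guard; function and trigger names are hypothetical.
CREATE OR REPLACE FUNCTION public.enforce_ticket_user_team()
RETURNS trigger LANGUAGE plpgsql
SET search_path = ''
AS $$
DECLARE
  u record;
BEGIN
  -- FOR SHARE makes a concurrent UPDATE of these user rows wait for this
  -- transaction, and makes this query wait for (then re-read) an UPDATE that
  -- is already in flight, so the two checks cannot both pass on stale data.
  FOR u IN
    SELECT usr.id, usr.team_id FROM public.users usr
     WHERE usr.id IN (NEW.created_by, NEW.assigned_to)
       FOR SHARE
  LOOP
    IF u.team_id IS DISTINCT FROM NEW.team_id THEN
      RAISE EXCEPTION 'user % is not in team % of this ticket', u.id, NEW.team_id
        USING ERRCODE = 'integrity_constraint_violation';
    END IF;
  END LOOP;
  RETURN NEW;
END;
$$;

DROP TRIGGER IF EXISTS enforce_ticket_user_team ON public.tickets;
CREATE TRIGGER enforce_ticket_user_team
  BEFORE INSERT OR UPDATE OF team_id, created_by, assigned_to ON public.tickets
  FOR EACH ROW EXECUTE FUNCTION public.enforce_ticket_user_team();
```

SELECT ... FOR SHARE needs UPDATE privilege on public.users for the invoking role, and row-level security on either table limits which rows these checks can see. Running both functions as SECURITY DEFINER under the table owner handles both, and is a further reason to keep search_path pinned.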
@g-k-s-03


@M4dhav, can you see this PR?

M4dhav commented Jun 18, 2026


Hey @g-k-s-03, it would be better for @dhruvi-16-me to take a look at it first.


Development

Successfully merging this pull request may close these issues.

BUG: User team can be changed even when referenced tickets exist

2 participants