From 26e45fc2681418f0d9a5f7260cfee1283c15b764 Mon Sep 17 00:00:00 2001
From: shreddedbacon
Date: Thu, 24 Nov 2022 15:41:46 +1100
Subject: [PATCH] chore: prohibit renaming projects unless admin

---
 services/api/src/resources/project/resolvers.ts | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/services/api/src/resources/project/resolvers.ts b/services/api/src/resources/project/resolvers.ts
index 8486fb4bd8..69d0c79ddd 100644
--- a/services/api/src/resources/project/resolvers.ts
+++ b/services/api/src/resources/project/resolvers.ts
@@ -571,6 +571,16 @@ export const updateProject: ResolverFn = async (
 }
 }
 
+ // if the name is provided in a patch, check that the user trying to rename the project is an admin.
+ // renaming projects is prohibited because lagoon uses the project name for quite a few things
+ // which if changed can have unintended consequences for any existing environments
+ if (patch.name) {
+ const canUpdateName = await isAdminCheck(hasPermission);
+ if (!canUpdateName) {
+ throw new Error('Project renaming is only available to administrators.');
+ }
+ }
+
 if (gitUrl !== undefined && !isValidGitUrl(gitUrl)) {
 throw new Error('The provided gitUrl is invalid.');
 }
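Review bot: The new guard `if (patch.name)` is a truthiness test, so a patch that carries `name: ""` skips the admin check entirely and continues into the rest of `updateProject`. The `gitUrl` check directly below uses `!== undefined`, and the same form here would gate every patch that supplies the field: `if (patch.name !== undefined) {`. Whether an empty name is rejected later cannot be seen from this hunk, since the resolver body starts and ends outside it, so that should be confirmed before relying on it. The guard also fires when the supplied name equals the project's current name, which would reject non-admin clients that send the whole object back with other fields changed; comparing against the stored name before throwing would avoid that, if the existing project row is already loaded at this point.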