From bef97020d09ea8fd3e244dc44cf71512b32fe137 Mon Sep 17 00:00:00 2001
From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com>
Date: Sat, 6 Jan 2024 11:34:16 +0530
Subject: [PATCH] multisig(fix): fix delete multisig account issue (backport
 #1076) (#1078)

multisig(fix): fix delete multisig account issue (#1076)

* multisig(fix): fix delete multisig account issue

* chore: fix lint issue

* chore

(cherry picked from commit 1520345aa88ad7a36aa81fb8ebe3885389aa6ed5)

Co-authored-by: Hemanth Sai <ghshemanth@gmail.com>
---
 .../multisig/components/AccountInfo.tsx       | 21 +++++++++----------
 server/middleware/auth.go                     | 13 ++++++------
 2 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/frontend/src/app/(routes)/multisig/components/AccountInfo.tsx b/frontend/src/app/(routes)/multisig/components/AccountInfo.tsx
index 47b8f3971..8ee403f93 100644
--- a/frontend/src/app/(routes)/multisig/components/AccountInfo.tsx
+++ b/frontend/src/app/(routes)/multisig/components/AccountInfo.tsx
@@ -3,7 +3,7 @@ import { deleteMultisig } from '@/store/features/multisig/multisigSlice';
 import { RootState } from '@/store/store';
 import { MultisigAccount } from '@/types/multisig';
 import { parseBalance } from '@/utils/denom';
-import { formatCoin, formatStakedAmount, isMultisigMember } from '@/utils/util';
+import { formatCoin, formatStakedAmount } from '@/utils/util';
 import Image from 'next/image';
 import { useRouter } from 'next/navigation';
 import React, { useEffect, useState } from 'react';
@@ -57,10 +57,9 @@ const AccountInfo: React.FC<AccountInfoProps> = (props) => {
       denom: coinMinimalDenom,
     },
   ];
-  const isMember = isMultisigMember(
-    multisigAccount.pubkeys || [],
-    walletAddress
-  );
+
+  const isAdmin =
+    multisigAccount?.account?.created_by === (walletAddress || '');
 
   const { txnCounts = {} } = multisigAccounts;
   const actionsRequired = txnCounts?.[address] || 0;
@@ -99,7 +98,7 @@ const AccountInfo: React.FC<AccountInfoProps> = (props) => {
           coinDecimals,
         })}
         chainID={chainID}
-        isMember={isMember}
+        isAdmin={isAdmin}
       />
     </div>
   );
@@ -114,7 +113,7 @@ const AccountDetails = ({
   stakedBalance,
   chainName,
   chainID,
-  isMember,
+  isAdmin,
 }: {
   multisigAccount: MultisigAccount;
   actionsRequired: number;
@@ -122,7 +121,7 @@ const AccountDetails = ({
   stakedBalance: string;
   chainName: string;
   chainID: string;
-  isMember: boolean;
+  isAdmin: boolean;
 }) => {
   const { account: accountInfo, pubkeys } = multisigAccount;
   const { address, name, created_at, threshold } = accountInfo;
@@ -152,7 +151,7 @@ const AccountDetails = ({
   const authToken = getAuthToken(chainID);
 
   const handleDelete = () => {
-    if (isMember) {
+    if (isAdmin) {
       dispatch(
         deleteMultisig({
           data: { address: multisigAccount?.account?.address },
@@ -233,11 +232,11 @@ const AccountDetails = ({
           <button
             onClick={() => setDeleteDialogOpen(true)}
             className={
-              isMember
+              isAdmin
                 ? 'delete-multisig-btn'
                 : 'delete-multisig-btn btn-disabled'
             }
-            disabled={!isMember}
+            disabled={!isAdmin}
           >
             Delete Multisig
           </button>
diff --git a/server/middleware/auth.go b/server/middleware/auth.go
index fe1ab5f0e..c11785ef5 100644
--- a/server/middleware/auth.go
+++ b/server/middleware/auth.go
@@ -28,11 +28,11 @@ func (h *Handler) AuthMiddleware(next echo.HandlerFunc) echo.HandlerFunc {
 			})
 		}
 
-		var userAddess string
+		var userAddress string
 
 		saniSignature := strings.Replace(signature, " ", "+", -1)
 
-		err := h.DB.QueryRow(`SELECT address FROM users where address=$1 and signature=$2`, address, saniSignature).Scan(&userAddess)
+		err := h.DB.QueryRow(`SELECT address FROM users where address=$1 and signature=$2`, address, saniSignature).Scan(&userAddress)
 		if err == sql.ErrNoRows {
 			return c.JSON(http.StatusBadRequest, model.ErrorResponse{
 				Status:  "Unauthorized",
@@ -53,10 +53,11 @@ func (h *Handler) AuthMiddleware(next echo.HandlerFunc) echo.HandlerFunc {
 func (h *Handler) IsMultisigAdmin(next echo.HandlerFunc) echo.HandlerFunc {
 	return func(c echo.Context) error {
 		address := c.QueryParams().Get("address")
+		multisigAddress := c.Param("address")
 
-		var userAddess string
+		var userAddress string
 
-		err := h.DB.QueryRow(`SELECT address FROM multisig_accounts where created_by=$1`, address).Scan(&userAddess)
+		err := h.DB.QueryRow(`SELECT address FROM multisig_accounts where created_by=$1 and address=$2`, address, multisigAddress).Scan(&userAddress)
 		if err == sql.ErrNoRows {
 			return c.JSON(http.StatusBadRequest, model.ErrorResponse{
 				Status:  "Unauthorized",
@@ -79,9 +80,9 @@ func (h *Handler) IsMultisigMember(next echo.HandlerFunc) echo.HandlerFunc {
 		address := c.QueryParams().Get("address")
 		multisigAddress := c.Param("address")
 
-		var userAddess string
+		var userAddress string
 
-		err := h.DB.QueryRow(`SELECT address FROM pubkeys where address=$1 and multisig_address=$2`, address, multisigAddress).Scan(&userAddess)
+		err := h.DB.QueryRow(`SELECT address FROM pubkeys where address=$1 and multisig_address=$2`, address, multisigAddress).Scan(&userAddress)
 		if err == sql.ErrNoRows {
 			return c.JSON(http.StatusBadRequest, model.ErrorResponse{
 				Status:  "Unauthorized",