fix: Validations for updating team members (#5384)

fixes: chatwoot/product#539

Co-authored-by: Sojan Jose <sojan@pepalo.com>

app/controllers/api/v1/accounts/team_members_controller.rb

@@ -1,6 +1,7 @@
 class Api::V1::Accounts::TeamMembersController < Api::V1::Accounts::BaseController
   before_action :fetch_team
   before_action :check_authorization
+  before_action :validate_member_id_params, only: [:create, :update, :destroy]
 
   def index
     @team_members = @team.team_members.map(&:user)
@@ -45,4 +46,10 @@ class Api::V1::Accounts::TeamMembersController < Api::V1::Accounts::BaseControll
   def fetch_team
     @team = Current.account.teams.find(params[:team_id])
   end
+
+  def validate_member_id_params
+    invalid_ids = params[:user_ids].map(&:to_i) - @team.account.user_ids
+
+    render json: { error: 'Invalid User IDs' }, status: :unauthorized and return if invalid_ids.present?
+  end
 end