fix(api): show only projects user have access

Signed-off-by: Pranav C <pranavxc@gmail.com>
2 years ago · 2fe1b18b2c
3 changed files with 92 additions and 5 deletions
--- a/packages/nocodb/src/lib/meta/api/orgUserApis.ts
+++ b/packages/nocodb/src/lib/meta/api/orgUserApis.ts
@ -60,7 +60,7 @@ async function userDelete(req, res) {
    }

    // delete project user entry and assign to super admin
-    const projectUsers = await ProjectUser.getProjectsList(
+    const projectUsers = await ProjectUser.getProjectsIdList(
      req.params.userId,
      ncMeta
    );
--- a/packages/nocodb/src/lib/meta/api/projectApis.ts
+++ b/packages/nocodb/src/lib/meta/api/projectApis.ts
@ -1,4 +1,5 @@
 import { Request, Response } from 'express';
+import { OrgUserRoles } from '../../../enums/OrgUserRoles';
 import Project from '../../models/Project';
 import { ModelTypes, ProjectListType, UITypes } from 'nocodb-sdk';
 import DOMPurify from 'isomorphic-dompurify';
@ -71,12 +72,15 @@ export async function projectUpdate(
 }

 export async function projectList(
-  req: Request<any, any, any>,
+  req: Request<any> & { user: { id: string; roles: string } },
  res: Response<ProjectListType>,
  next
 ) {
  try {
-    const projects = await Project.list(req.query);
+    const projects = await ProjectUser.getProjectsList(
+      req.user.id,
+      req.user?.roles?.includes(OrgUserRoles.SUPER_ADMIN)
+    );

    res // todo: pagination
      .json(
@ -92,7 +96,7 @@ export async function projectList(
 }

 export async function projectDelete(
-  req: Request<any, any, any>,
+  req: Request<any>,
  res: Response<ProjectListType>
 ) {
  const result = await Project.softDelete(req.params.projectId);
--- a/packages/nocodb/src/lib/models/ProjectUser.ts
+++ b/packages/nocodb/src/lib/models/ProjectUser.ts
@ -1,3 +1,4 @@
+import { ProjectType } from 'nocodb-sdk';
 import {
  // CacheDelDirection,
  CacheGetType,
@ -184,7 +185,7 @@ export default class ProjectUser {
    });
  }

-  static async getProjectsList(
+  static async getProjectsIdList(
    userId: string,
    ncMeta = Noco.ncMeta
  ): Promise<ProjectUser[]> {
@ -192,4 +193,86 @@ export default class ProjectUser {
      condition: { fk_user_id: userId },
    });
  }
+
+  static async getProjectsList(
+    userId: string,
+    isSuperAdmin: boolean,
+    ncMeta = Noco.ncMeta
+  ): Promise<ProjectType[]> {
+    // todo: pagination
+    // todo: caching
+    // let projectList = await NocoCache.getList(CacheScope.PROJECT, []);
+
+    const qb = ncMeta
+      .knex(MetaTable.PROJECT)
+      .select(`${MetaTable.PROJECT}.*`)
+      [isSuperAdmin ? 'leftJoin' : 'innerJoin'](
+        MetaTable.PROJECT_USERS,
+        function () {
+          this.on(
+            `${MetaTable.PROJECT_USERS}.project_id`,
+            `${MetaTable.PROJECT}.id`
+          );
+
+          if (!isSuperAdmin) {
+            this.andOn(
+              `${MetaTable.PROJECT_USERS}.fk_user_id`,
+              ncMeta.knex.raw('?', [userId])
+            );
+          }
+        }
+      )
+      // .innerJoin(MetaTable.USERS, function () {
+      //   this.on(
+      //     `${MetaTable.PROJECT_USERS}.fk_user_id`,
+      //     `${MetaTable.USERS}.id`
+      //   );
+      // })
+      // .where(function () {
+      //   this.where(`${MetaTable.PROJECT_USERS}.fk_user_id`, userId)
+      //     .orWhere(
+      //     `${MetaTable.USERS}.roles`,
+      //     'like',
+      //     `%${OrgUserRoles.SUPER_ADMIN}%`
+      //   );
+      // })
+      .where(function () {
+        this.where(`${MetaTable.PROJECT}.deleted`, false).orWhereNull(
+          `${MetaTable.PROJECT}.deleted`
+        );
+      });
+    //   if (!projectList.length) {
+    //     projectList = await ncMeta.metaList2(null, null, MetaTable.PROJECT, {
+    //       xcCondition: {
+    //         _or: [
+    //           {
+    //             deleted: {
+    //               eq: false,
+    //             },
+    //           },
+    //           {
+    //             deleted: {
+    //               eq: null,
+    //             },
+    //           },
+    //         ],
+    //       },
+    //     })
+    //     await NocoCache.setList(CacheScope.PROJECT, [], projectList)
+    //   }
+    //   projectList = projectList.filter(
+    //     (p) => p.deleted === 0 || p.deleted === false || p.deleted === null,
+    //   )
+    //   return projectList.map((m) => new Project(m))
+    //
+    //
+    //   return await ncMeta.metaList2(null, null, MetaTable.PROJECT_USERS, {
+    //     condition: { fk_user_id: userId },
+    //   })
+    // }
+
+    console.log(qb.toQuery());
+
+    return qb;
+  }
 }