From 2fe1b18b2c4b3ab22620394da47ecc6b33e14855 Mon Sep 17 00:00:00 2001 From: Pranav C Date: Fri, 18 Nov 2022 12:39:22 +0530 Subject: [PATCH] fix(api): show only projects user have access Signed-off-by: Pranav C --- .../nocodb/src/lib/meta/api/orgUserApis.ts | 2 +- .../nocodb/src/lib/meta/api/projectApis.ts | 10 ++- packages/nocodb/src/lib/models/ProjectUser.ts | 85 ++++++++++++++++++- 3 files changed, 92 insertions(+), 5 deletions(-) diff --git a/packages/nocodb/src/lib/meta/api/orgUserApis.ts b/packages/nocodb/src/lib/meta/api/orgUserApis.ts index 2d7549295b..368a3887b9 100644 --- a/packages/nocodb/src/lib/meta/api/orgUserApis.ts +++ b/packages/nocodb/src/lib/meta/api/orgUserApis.ts @@ -60,7 +60,7 @@ async function userDelete(req, res) { } // delete project user entry and assign to super admin - const projectUsers = await ProjectUser.getProjectsList( + const projectUsers = await ProjectUser.getProjectsIdList( req.params.userId, ncMeta ); diff --git a/packages/nocodb/src/lib/meta/api/projectApis.ts b/packages/nocodb/src/lib/meta/api/projectApis.ts index 028bdc078f..752b404622 100644 --- a/packages/nocodb/src/lib/meta/api/projectApis.ts +++ b/packages/nocodb/src/lib/meta/api/projectApis.ts @@ -1,4 +1,5 @@ import { Request, Response } from 'express'; +import { OrgUserRoles } from '../../../enums/OrgUserRoles'; import Project from '../../models/Project'; import { ModelTypes, ProjectListType, UITypes } from 'nocodb-sdk'; import DOMPurify from 'isomorphic-dompurify'; @@ -71,12 +72,15 @@ export async function projectUpdate( } export async function projectList( - req: Request, + req: Request & { user: { id: string; roles: string } }, res: Response, next ) { try { - const projects = await Project.list(req.query); + const projects = await ProjectUser.getProjectsList( + req.user.id, + req.user?.roles?.includes(OrgUserRoles.SUPER_ADMIN) + ); res // todo: pagination .json( 
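Review bot: The super-admin decision in `projectList` rests on `req.user?.roles?.includes(OrgUserRoles.SUPER_ADMIN)`, and with `roles` typed as `string` that is a substring test, so any role whose name merely contains the super-admin value would unlock the unfiltered project list. Comparing whole role names would be safer, e.g. `req.user?.roles?.split(',').includes(OrgUserRoles.SUPER_ADMIN)`, assuming the string is comma-separated (its format is not visible here). The same call reads `req.user.id` without the optional chaining used for `roles`, so the two accesses should agree on whether `req.user` can be missing. The body of `projectList` continues past the end of this hunk.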
@@ -92,7 +96,7 @@ export async function projectList( } export async function projectDelete( - req: Request, + req: Request, res: Response ) { const result = await Project.softDelete(req.params.projectId); diff --git a/packages/nocodb/src/lib/models/ProjectUser.ts b/packages/nocodb/src/lib/models/ProjectUser.ts index 03560d1ae7..411fdae348 100644 --- a/packages/nocodb/src/lib/models/ProjectUser.ts +++ b/packages/nocodb/src/lib/models/ProjectUser.ts @@ -1,3 +1,4 @@ +import { ProjectType } from 'nocodb-sdk'; import { // CacheDelDirection, CacheGetType, @@ -184,7 +185,7 @@ export default class ProjectUser { }); } - static async getProjectsList( + static async getProjectsIdList( userId: string, ncMeta = Noco.ncMeta ): Promise { 
@@ -192,4 +193,86 @@ export default class ProjectUser {
 condition: { fk_user_id: userId },
 });
 }
+
+ static async getProjectsList(
+ userId: string,
+ isSuperAdmin: boolean,
+ ncMeta = Noco.ncMeta
+ ): Promise {
+ // todo: pagination
+ // todo: caching
+ // let projectList = await NocoCache.getList(CacheScope.PROJECT, []);
+
+ const qb = ncMeta
+ .knex(MetaTable.PROJECT)
+ .select(`${MetaTable.PROJECT}.*`)
+ [isSuperAdmin ? 'leftJoin' : 'innerJoin'](
+ MetaTable.PROJECT_USERS,
+ function () {
+ this.on(
+ `${MetaTable.PROJECT_USERS}.project_id`,
+ `${MetaTable.PROJECT}.id`
+ );
+
+ if (!isSuperAdmin) {
+ this.andOn(
+ `${MetaTable.PROJECT_USERS}.fk_user_id`,
+ ncMeta.knex.raw('?', [userId])
+ );
+ }
+ }
+ )
+ // .innerJoin(MetaTable.USERS, function () {
+ // this.on(
+ // `${MetaTable.PROJECT_USERS}.fk_user_id`,
+ // `${MetaTable.USERS}.id`
+ // );
+ // })
+ // .where(function () {
+ // this.where(`${MetaTable.PROJECT_USERS}.fk_user_id`, userId)
+ // .orWhere(
+ // `${MetaTable.USERS}.roles`,
+ // 'like',
+ // `%${OrgUserRoles.SUPER_ADMIN}%`
+ // );
+ // })
+ .where(function () {
+ this.where(`${MetaTable.PROJECT}.deleted`, false).orWhereNull(
+ `${MetaTable.PROJECT}.deleted`
+ );
+ });
+ // if (!projectList.length) {
+ // projectList = await ncMeta.metaList2(null, null, MetaTable.PROJECT, {
+ // xcCondition: {
+ // _or: [
+ // {
+ // deleted: {
+ // eq: false,
+ // },
+ // },
+ // {
+ // deleted: {
+ // eq: null,
+ // },
+ // },
+ // ],
+ // },
+ // })
+ // await NocoCache.setList(CacheScope.PROJECT, [], projectList)
+ // }
+ // projectList = projectList.filter(
+ // (p) => p.deleted === 0 || p.deleted === false || p.deleted === null,
+ // )
+ // return projectList.map((m) => new Project(m))
+ //
+ //
+ // return await ncMeta.metaList2(null, null, MetaTable.PROJECT_USERS, {
+ // condition: { fk_user_id: userId },
+ // })
+ // }
+
+ console.log(qb.toQuery());
+
+ return qb;
+ }
 }
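Review bot: In the super-admin branch of `getProjectsList` the `leftJoin` on `MetaTable.PROJECT_USERS` has no `fk_user_id` condition, so a project with more than one membership row would come back once per member even though only `PROJECT.*` is selected. The join is only needed to restrict non-admins, so it can be applied conditionally as an `innerJoin` and skipped for super admins. Separately, `console.log(qb.toQuery());` writes the full SQL, including the bound user id, to stdout on every call and looks like leftover debugging that should be removed or moved behind the project's debug logger.

```typescript
const qb = ncMeta
  .knex(MetaTable.PROJECT)
  .select(`${MetaTable.PROJECT}.*`)
  .where(function () {
    // … unchanged: deleted = false OR deleted IS NULL …
  });

// Super admins see every project; only other users need the membership join.
if (!isSuperAdmin) {
  qb.innerJoin(MetaTable.PROJECT_USERS, function () {
    this.on(
      `${MetaTable.PROJECT_USERS}.project_id`,
      `${MetaTable.PROJECT}.id`
    ).andOn(
      `${MetaTable.PROJECT_USERS}.fk_user_id`,
      ncMeta.knex.raw('?', [userId])
    );
  });
}

return qb;
```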