
fix(api): show only projects user have access

Signed-off-by: Pranav C <pranavxc@gmail.com>
pull/4426/head
Pranav C 2 years ago
parent
commit
2fe1b18b2c
  1. 2
      packages/nocodb/src/lib/meta/api/orgUserApis.ts
  2. 10
      packages/nocodb/src/lib/meta/api/projectApis.ts
  3. 85
      packages/nocodb/src/lib/models/ProjectUser.ts

2
packages/nocodb/src/lib/meta/api/orgUserApis.ts

@ -60,7 +60,7 @@ async function userDelete(req, res) {
}
// delete project user entry and assign to super admin
const projectUsers = await ProjectUser.getProjectsList(
const projectUsers = await ProjectUser.getProjectsIdList(
req.params.userId,
ncMeta
);

10
packages/nocodb/src/lib/meta/api/projectApis.ts

@ -1,4 +1,5 @@
import { Request, Response } from 'express';
import { OrgUserRoles } from '../../../enums/OrgUserRoles';
import Project from '../../models/Project';
import { ModelTypes, ProjectListType, UITypes } from 'nocodb-sdk';
import DOMPurify from 'isomorphic-dompurify';
@ -71,12 +72,15 @@ export async function projectUpdate(
}
export async function projectList(
req: Request<any, any, any>,
req: Request<any> & { user: { id: string; roles: string } },
res: Response<ProjectListType>,
next
) {
try {
const projects = await Project.list(req.query);
const projects = await ProjectUser.getProjectsList(
req.user.id,
req.user?.roles?.includes(OrgUserRoles.SUPER_ADMIN)
);
res // todo: pagination
.json(
@ -92,7 +96,7 @@ export async function projectList(
}
export async function projectDelete(
req: Request<any, any, any>,
req: Request<any>,
res: Response<ProjectListType>
) {
const result = await Project.softDelete(req.params.projectId);
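Review bot: The super-admin decision in `projectList` is `req.user?.roles?.includes(OrgUserRoles.SUPER_ADMIN)`, and because `roles` is typed as `string` this is a substring test, so any role value that merely contains the super-admin string would receive the unfiltered project list. If `roles` is a delimited list (the delimiter is not visible here; a comma is assumed), compare whole entries instead: `req.user?.roles?.split(',').includes(OrgUserRoles.SUPER_ADMIN)`. The line above it reads `req.user.id` without the optional chaining used for `roles`; decide whether `req.user` can be absent on this route and reject the request explicitly if so, rather than relying on a thrown TypeError. The body of `projectList` continues outside the hunk.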

85
packages/nocodb/src/lib/models/ProjectUser.ts

@ -1,3 +1,4 @@
import { ProjectType } from 'nocodb-sdk';
import {
// CacheDelDirection,
CacheGetType,
@ -184,7 +185,7 @@ export default class ProjectUser {
});
}
static async getProjectsList(
static async getProjectsIdList(
userId: string,
ncMeta = Noco.ncMeta
): Promise<ProjectUser[]> {
@ -192,4 +193,86 @@ export default class ProjectUser {
condition: { fk_user_id: userId },
});
}
static async getProjectsList(
userId: string,
isSuperAdmin: boolean,
ncMeta = Noco.ncMeta
): Promise<ProjectType[]> {
// todo: pagination
// todo: caching
// let projectList = await NocoCache.getList(CacheScope.PROJECT, []);
const qb = ncMeta
.knex(MetaTable.PROJECT)
.select(`${MetaTable.PROJECT}.*`)
[isSuperAdmin ? 'leftJoin' : 'innerJoin'](
MetaTable.PROJECT_USERS,
function () {
this.on(
`${MetaTable.PROJECT_USERS}.project_id`,
`${MetaTable.PROJECT}.id`
);
if (!isSuperAdmin) {
this.andOn(
`${MetaTable.PROJECT_USERS}.fk_user_id`,
ncMeta.knex.raw('?', [userId])
);
}
}
)
// .innerJoin(MetaTable.USERS, function () {
// this.on(
// `${MetaTable.PROJECT_USERS}.fk_user_id`,
// `${MetaTable.USERS}.id`
// );
// })
// .where(function () {
// this.where(`${MetaTable.PROJECT_USERS}.fk_user_id`, userId)
// .orWhere(
// `${MetaTable.USERS}.roles`,
// 'like',
// `%${OrgUserRoles.SUPER_ADMIN}%`
// );
// })
.where(function () {
this.where(`${MetaTable.PROJECT}.deleted`, false).orWhereNull(
`${MetaTable.PROJECT}.deleted`
);
});
// if (!projectList.length) {
// projectList = await ncMeta.metaList2(null, null, MetaTable.PROJECT, {
// xcCondition: {
// _or: [
// {
// deleted: {
// eq: false,
// },
// },
// {
// deleted: {
// eq: null,
// },
// },
// ],
// },
// })
// await NocoCache.setList(CacheScope.PROJECT, [], projectList)
// }
// projectList = projectList.filter(
// (p) => p.deleted === 0 || p.deleted === false || p.deleted === null,
// )
// return projectList.map((m) => new Project(m))
//
//
// return await ncMeta.metaList2(null, null, MetaTable.PROJECT_USERS, {
// condition: { fk_user_id: userId },
// })
// }
console.log(qb.toQuery());
return qb;
}
}
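Review bot: For a super admin, the new `getProjectsList` left-joins `MetaTable.PROJECT_USERS` on `project_id` alone, so a project with several members is likely returned once per member. That branch needs no join at all, and adding the join only for non-admins keeps the membership filter in one obvious place. `console.log(qb.toQuery())` should be dropped before merge, since it writes the rendered SQL, including the user id, to stdout on every list request. `isSuperAdmin` is trusted as passed in, so a short doc comment saying callers must derive it from the authenticated session would help, and the commented-out drafts can be deleted.

```typescript
const qb = ncMeta.knex(MetaTable.PROJECT).select(`${MetaTable.PROJECT}.*`);
// … unchanged: .where() on the deleted flag, applied to qb …
if (!isSuperAdmin) {
  // membership filter; super admins get every non-deleted project without a join
  qb.innerJoin(MetaTable.PROJECT_USERS, function () {
    this.on(
      `${MetaTable.PROJECT_USERS}.project_id`,
      `${MetaTable.PROJECT}.id`
    ).andOn(
      `${MetaTable.PROJECT_USERS}.fk_user_id`,
      ncMeta.knex.raw('?', [userId])
    );
  });
}
return qb;
```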
