fix: update permissions for selector on analitic page gf-351

apps/backend/src/modules/activity-logs/activity-log.controller.ts

@@ -190,7 +190,7 @@ class ActivityLogController extends BaseController {
 			user: UserAuthResponseDto;
 		}>,
 	): Promise<APIHandlerResponse> {
-		const { endDate, startDate } = options.query;
+		const { endDate, projectId, startDate } = options.query;
 		const { user } = options;
 
 		const groups = await this.projectGroupService.findAllByUserId(user.id);
@@ -207,13 +207,15 @@ class ActivityLogController extends BaseController {
 			[PermissionKey.MANAGE_ALL_PROJECTS, PermissionKey.VIEW_ALL_PROJECTS],
 			rootPermissions,
 		);
+		const userProjectIds = groups.map(({ projectId }) => projectId.id);
 
 		return {
 			payload: await this.activityLogService.findAll({
 				endDate,
 				hasRootPermission,
-				projectIds: groups.map(({ projectId }) => projectId.id),
+				projectId,
 				startDate,
+				userProjectIds,
 			}),
 			status: HTTPCode.OK,
 		};

apps/backend/src/modules/activity-logs/activity-log.repository.ts

@@ -42,12 +42,10 @@ class ActivityLogRepository implements Repository {
 
 	public async findAll({
 		endDate,
-		hasRootPermission,
 		projectIds,
 		startDate,
 	}: {
-		hasRootPermission: boolean;
-		projectIds: number[];
+		projectIds: number[] | undefined;
 	} & ActivityLogQueryParameters): Promise<{ items: ActivityLogEntity[] }> {
 		const query = this.activityLogModel
 			.query()
@@ -57,7 +55,7 @@ class ActivityLogRepository implements Repository {
 			})
 			.whereBetween("activity_logs.date", [startDate, endDate]);
 
-		if (!hasRootPermission) {
+		if (projectIds) {
 			query.whereIn("activity_logs.projectId", projectIds);
 		}
 

apps/backend/src/modules/activity-logs/activity-log.service.ts

@@ -87,6 +87,29 @@ class ActivityLogService implements Service {
 		}
 	}
 
+	private getAllowedProjectIds(
+		hasRootPermission: boolean,
+		userProjectIds: number[],
+		projectId?: number,
+	): number[] | undefined {
+		if (!projectId && hasRootPermission) {
+			return;
+		}
+
+		if (
+			projectId &&
+			!hasRootPermission &&
+			!userProjectIds.includes(projectId)
+		) {
+			throw new ActivityLogError({
+				message: ExceptionMessage.NO_PERMISSION,
+				status: HTTPCode.FORBIDDEN,
+			});
+		}
+
+		return projectId ? [projectId] : userProjectIds;
+	}
+
 	public async create(
 		payload: { apiKey: string } & ActivityLogCreateRequestDto,
 	): Promise<ActivityLogGetAllResponseDto> {
@@ -134,15 +157,22 @@ class ActivityLogService implements Service {
 	public async findAll({
 		endDate,
 		hasRootPermission,
-		projectIds,
+		projectId,
 		startDate,
+		userProjectIds,
 	}: {
 		hasRootPermission: boolean;
-		projectIds: number[];
+		userProjectIds: number[];
 	} & ActivityLogQueryParameters): Promise<ActivityLogGetAllAnalyticsResponseDto> {
+		const projectIdParsed = projectId ? Number(projectId) : undefined;
+		const projectIds = this.getAllowedProjectIds(
+			hasRootPermission,
+			userProjectIds,
+			projectIdParsed,
+		);
+
 		const activityLogsEntities = await this.activityLogRepository.findAll({
 			endDate,
-			hasRootPermission,
 			projectIds,
 			startDate,
 		});
@@ -151,10 +181,8 @@ class ActivityLogService implements Service {
 			item.toObject(),
 		);
 
-		const allContributors = await this.contributorService.findAllByProjects(
-			projectIds,
-			hasRootPermission,
-		);
+		const allContributors =
+			await this.contributorService.findAllByProjects(projectIds);
 
 		const dateRange = getDateRange(startDate, endDate);
 

apps/backend/src/modules/contributors/contributor.repository.ts

@@ -86,8 +86,7 @@ class ContributorRepository implements Repository {
 	}
 
 	public async findAllByProjects(
-		projectIds: number[],
-		hasRootPermission: boolean,
+		projectIds: number[] | undefined,
 	): Promise<{ items: ContributorEntity[] }> {
 		const query = this.contributorModel
 			.query()
@@ -106,7 +105,7 @@ class ContributorRepository implements Repository {
 			.leftJoin("activity_logs", "git_emails.id", "activity_logs.git_email_id")
 			.leftJoin("projects", "activity_logs.project_id", "projects.id");
 
-		if (!hasRootPermission) {
+		if (projectIds) {
 			query.whereIn("projects.id", projectIds);
 		}
 

apps/backend/src/modules/contributors/contributor.service.ts

@@ -85,13 +85,10 @@ class ContributorService implements Service {
 	}
 
 	public async findAllByProjects(
-		projectIds: number[],
-		hasRootPermission = false,
+		projectIds: number[] | undefined,
 	): Promise<ContributorGetAllResponseDto> {
-		const contributors = await this.contributorRepository.findAllByProjects(
-			projectIds,
-			hasRootPermission,
-		);
+		const contributors =
+			await this.contributorRepository.findAllByProjects(projectIds);
 
 		return {
 			items: contributors.items.map((item) => {

apps/backend/src/modules/projects/project.controller.ts

@@ -1,4 +1,5 @@
 import { APIPath, PermissionKey } from "~/libs/enums/enums.js";
+import { checkHasPermission } from "~/libs/helpers/helpers.js";
 import { checkUserPermissions } from "~/libs/hooks/hooks.js";
 import {
 	type APIHandlerOptions,
@@ -8,6 +9,9 @@ import {
 import { HTTPCode } from "~/libs/modules/http/http.js";
 import { type Logger } from "~/libs/modules/logger/logger.js";
 
+import { type PermissionGetAllItemResponseDto } from "../permissions/libs/types/types.js";
+import { type ProjectGroupService } from "../project-groups/project-groups.js";
+import { type UserAuthResponseDto } from "../users/users.js";
 import { ProjectsApiPath } from "./libs/enums/enums.js";
 import {
 	type ProjectCreateRequestDto,
@@ -45,11 +49,17 @@ import { type ProjectService } from "./project.service.js";
  */
 
 class ProjectController extends BaseController {
+	private projectGroupService: ProjectGroupService;
 	private projectService: ProjectService;
 
-	public constructor(logger: Logger, projectService: ProjectService) {
+	public constructor(
+		logger: Logger,
+		projectGroupService: ProjectGroupService,
+		projectService: ProjectService,
+	) {
 		super(logger, APIPath.PROJECTS);
 
+		this.projectGroupService = projectGroupService;
 		this.projectService = projectService;
 
 		this.addRoute({
@@ -94,6 +104,7 @@ class ProjectController extends BaseController {
 				this.findAll(
 					options as APIHandlerOptions<{
 						query: ProjectGetAllRequestDto;
+						user: UserAuthResponseDto;
 					}>,
 				),
 			method: "GET",
@@ -270,9 +281,28 @@ class ProjectController extends BaseController {
 	private async findAll(
 		options: APIHandlerOptions<{
 			query: ProjectGetAllRequestDto;
+			user: UserAuthResponseDto;
 		}>,
 	): Promise<APIHandlerResponse> {
 		const { name, page, pageSize } = options.query;
+		const { user } = options;
+
+		const groups = await this.projectGroupService.findAllByUserId(user.id);
+
+		const rootPermissions: PermissionGetAllItemResponseDto[] =
+			user.groups.flatMap((group) =>
+				group.permissions.map((permission) => ({
+					id: permission.id,
+					key: permission.key,
+					name: permission.name,
+				})),
+			);
+
+		const hasRootPermission = checkHasPermission(
+			[PermissionKey.MANAGE_ALL_PROJECTS, PermissionKey.VIEW_ALL_PROJECTS],
+			rootPermissions,
+		);
+		const userProjectIds = groups.map(({ projectId }) => projectId.id);
 
 		if (page && pageSize) {
 			return {
@@ -285,8 +315,21 @@ class ProjectController extends BaseController {
 			};
 		}
 
+		if (hasRootPermission) {
+			return {
+				payload: await this.projectService.findAllWithoutPagination({
+					hasRootPermission,
+					userProjectIds,
+				}),
+				status: HTTPCode.OK,
+			};
+		}
+
 		return {
-			payload: await this.projectService.findAllWithoutPagination(),
+			payload: await this.projectService.findAllWithoutPagination({
+				hasRootPermission: false,
+				userProjectIds,
+			}),
 			status: HTTPCode.OK,
 		};
 	}

apps/backend/src/modules/projects/project.repository.ts

@@ -1,3 +1,4 @@
+import { EMPTY_LENGTH } from "~/libs/constants/constants.js";
 import { SortType } from "~/libs/enums/enums.js";
 import { subtractDays } from "~/libs/helpers/helpers.js";
 import {
@@ -70,9 +71,18 @@ class ProjectRepository implements Repository {
 		};
 	}
 
-	public async findAllWithoutPagination(): Promise<ProjectEntity[]> {
-		const projects = await this.projectModel
-			.query()
+	public async findAllWithoutPagination({
+		userProjectIds,
+	}: {
+		userProjectIds?: number[];
+	}): Promise<ProjectEntity[]> {
+		let query = this.projectModel.query();
+
+		if (userProjectIds && userProjectIds.length !== EMPTY_LENGTH) {
+			query = query.whereIn("id", userProjectIds);
+		}
+
+		const projects = await query
 			.orderBy("created_at", SortType.DESCENDING)
 			.execute();
 

apps/backend/src/modules/projects/project.service.ts

@@ -135,10 +135,20 @@ class ProjectService implements Service {
 		};
 	}
 
-	public async findAllWithoutPagination(): Promise<
-		ProjectGetAllItemResponseDto[]
-	> {
-		const projects = await this.projectRepository.findAllWithoutPagination();
+	public async findAllWithoutPagination({
+		hasRootPermission,
+		userProjectIds,
+	}: {
+		hasRootPermission: boolean;
+		userProjectIds: number[];
+	}): Promise<ProjectGetAllItemResponseDto[]> {
+		const projects = hasRootPermission
+			? await this.projectRepository.findAllWithoutPagination({
+					userProjectIds: [],
+				})
+			: await this.projectRepository.findAllWithoutPagination({
+					userProjectIds,
+				});
 
 		return projects.map((project) => project.toObject());
 	}

apps/backend/src/modules/projects/projects.ts

@@ -1,5 +1,6 @@
 import { logger } from "~/libs/modules/logger/logger.js";
 import { projectApiKeyService } from "~/modules/project-api-keys/project-api-keys.js";
+import { projectGroupService } from "~/modules/project-groups/project-groups.js";
 
 import { notificationService } from "../notifications/notifications.js";
 import { userService } from "../users/users.js";
@@ -16,7 +17,11 @@ const projectService = new ProjectService({
 	projectRepository,
 	userService,
 });
-const projectController = new ProjectController(logger, projectService);
+const projectController = new ProjectController(
+	logger,
+	projectGroupService,
+	projectService,
+);
 
 export { projectController, projectService };
 export { type ProjectService } from "./project.service.js";