From 4c284d0ba9b07e14c7fcd8f87597606c46ab7b2d Mon Sep 17 00:00:00 2001
From: Joel Strid <joelstridgg@gmail.com>
Date: Fri, 27 Sep 2024 14:08:30 +0200
Subject: [PATCH] fix: restrict project card visibility based on user
 permissions gf-558

---
 .../modules/project-groups/project-group.repository.ts   | 9 +++++++--
 package-lock.json                                        | 6 +++---
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/apps/backend/src/modules/project-groups/project-group.repository.ts b/apps/backend/src/modules/project-groups/project-group.repository.ts
index e6f46c5c..69bade77 100644
--- a/apps/backend/src/modules/project-groups/project-group.repository.ts
+++ b/apps/backend/src/modules/project-groups/project-group.repository.ts
@@ -1,6 +1,6 @@
 import { transaction } from "objection";
 
-import { SortType } from "~/libs/enums/enums.js";
+import { ProjectPermissionKey, SortType } from "~/libs/enums/enums.js";
 import { HTTPCode } from "~/libs/modules/http/libs/enums/enums.js";
 import {
 	type PaginationQueryParameters,
@@ -127,7 +127,12 @@ class ProjectGroupRepository implements Repository {
 			.query()
 			.orderBy("createdAt", SortType.DESCENDING)
 			.withGraphJoined("[projects, users, permissions]")
-			.where("users.id", userId);
+			.where("users.id", userId)
+			.andWhere("permissions.key", "in", [
+				ProjectPermissionKey.VIEW_PROJECT,
+				ProjectPermissionKey.EDIT_PROJECT,
+				ProjectPermissionKey.MANAGE_PROJECT,
+			]);
 
 		return results
 			.filter(({ projects }) => projects.length)
diff --git a/package-lock.json b/package-lock.json
index 2bcc01d4..eb1c0c15 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -53,7 +53,7 @@
 		},
 		"apps/backend": {
 			"name": "@git-fit/backend",
-			"version": "1.37.0",
+			"version": "1.40.0",
 			"dependencies": {
 				"@fastify/static": "7.0.4",
 				"@fastify/swagger": "8.15.0",
@@ -133,7 +133,7 @@
 		},
 		"apps/frontend": {
 			"name": "@git-fit/frontend",
-			"version": "1.54.0",
+			"version": "1.57.0",
 			"dependencies": {
 				"@git-fit/shared": "*",
 				"@hookform/resolvers": "3.9.0",
@@ -14873,7 +14873,7 @@
 		},
 		"packages/shared": {
 			"name": "@git-fit/shared",
-			"version": "1.34.0",
+			"version": "1.37.0",
 			"dependencies": {
 				"change-case": "5.4.4",
 				"date-fns": "3.6.0",