Merge pull request #3561 from uselagoon/self-user-by-email

refactor: allow user to request user-by-email for self if requested
uselagoon · Oct 10, 2023 · eb889df · eb889df
2 parents e5fc509 + af726e5
commit eb889df
Showing 1 changed file with 12 additions and 3 deletions.
diff --git a/services/api/src/resources/user/resolvers.ts b/services/api/src/resources/user/resolvers.ts
@@ -2,7 +2,6 @@
 import * as R from 'ramda';
 import { ResolverFn } from '../';
 import { query, isPatchEmpty } from '../../util/db';
-import { logger } from '../../loggers/logger';
 import { Helpers as organizationHelpers } from '../organization/helpers';
 import { Sql } from './sql';
 
@@ -112,11 +111,21 @@ export const getAllUsers: ResolverFn = async (
 export const getUserByEmail: ResolverFn = async (
   _root,
   { email },
-  { sqlClientPool, models, hasPermission },
+  { sqlClientPool, models, hasPermission, keycloakGrant },
 ) => {
-  await hasPermission('user', 'viewAll');
 
   const user = await models.UserModel.loadUserByUsername(email);
+  if (keycloakGrant) {
+    if (keycloakGrant.access_token.content.sub == user.id) {
+      await hasPermission('ssh_key', 'view:user', {
+        users: [user.id]
+      });
+    } else {
+      await hasPermission('user', 'viewAll');
+    }
+  } else {
+    await hasPermission('user', 'viewAll');
+  }
 
   return user;
 };