diff --git a/backend/src/auth/auth.js b/backend/src/auth/auth.js
index 630eb0e..71a1586 100644
--- a/backend/src/auth/auth.js
+++ b/backend/src/auth/auth.js
@@ -19,7 +19,7 @@ passport.use(
 },
 async (req, token, done) => {
 try {
- const user = await UsersDBApi.findBy({ email: token.user.email });
+ const user = await UsersDBApi.findForAuth({ email: token.user.email });
 if (user && user.disabled) {
 return done(new Error(`User '${user.email}' is disabled`));
diff --git a/backend/src/db/api/base.api.js b/backend/src/db/api/base.api.js
index 42cc536..411001c 100644
--- a/backend/src/db/api/base.api.js
+++ b/backend/src/db/api/base.api.js
@@ -403,26 +403,37 @@ class GenericDBApi {
 }
 }
- const queryOptions = {
- where,
- include,
- distinct: true,
- order:
- filter.field && filter.sort
- ? [[filter.field, filter.sort]]
- : [['createdAt', 'desc']],
- transaction: options.transaction,
- };
-
- if (!options.countOnly) {
- queryOptions.limit = limit ? Number(limit) : undefined;
- queryOptions.offset = offset ? Number(offset) : undefined;
- }
-
 try {
+ if (options.countOnly) {
+ const count = await this.MODEL.count({
+ where,
+ include: include.filter((entry) => entry.required || entry.where),
+ distinct: true,
+ transaction: options.transaction,
+ });
+
+ return {
+ rows: [],
+ count,
+ };
+ }
+
+ const queryOptions = {
+ where,
+ include,
+ distinct: true,
+ order:
+ filter.field && filter.sort
+ ? [[filter.field, filter.sort]]
+ : [['createdAt', 'desc']],
+ transaction: options.transaction,
+ limit: limit ? Number(limit) : undefined,
+ offset: offset ? Number(offset) : undefined,
+ };
+
 const { rows, count } = await this.MODEL.findAndCountAll(queryOptions);
 return {
- rows: options.countOnly ? [] : rows,
+ rows,
 count,
 };
 } catch (error) {
diff --git a/backend/src/db/api/projects.js b/backend/src/db/api/projects.js
index 9cf7650..d0edb92 100644
--- a/backend/src/db/api/projects.js
+++ b/backend/src/db/api/projects.js
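Review bot: In the auth.js hunk, the `user` obtained from `findForAuth` is a plain object (users.js returns `users.get({ plain: true })`), so it no longer carries Sequelize instance methods such as `app_role.getPermissions()`. search.js is adapted in this commit, but any other consumer of the authenticated user that calls instance methods (`update`, `save`, association getters) would now throw at request time; those call sites are not visible in this diff and are worth a search before merging. A short comment above the call, e.g. `// findForAuth returns a plain object with app_role.permissions eagerly loaded`, would record the contract. The `try` block continues outside the hunk.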
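Review bot: In the base.api.js hunk, the `countOnly` branch drops every include that has neither `required` nor `where`, so the count query and the `findAndCountAll` query no longer run over the same joins. If the top-level `where` (built outside this hunk) ever references an included association, for example through a `$association.column$` key, or an entry carries its filter only in a nested `include`, the count will either fail or disagree with the number of rows the list query returns. Keeping entries that have nested includes, `include.filter((entry) => entry.required || entry.where || entry.include)`, together with a comment stating the assumption, would make this safer. The second users.js hunk uses the same filter, while projects.js passes the full `include` to `count`; the three should agree or say why they differ.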
@@ -187,26 +187,37 @@ class ProjectsDBApi extends GenericDBApi {
 where.slug = runtimeProjectSlug;
 }
- const queryOptions = {
- where,
- include,
- distinct: true,
- order:
- filter.field && filter.sort
- ? [[filter.field, filter.sort]]
- : [['createdAt', 'desc']],
- transaction: options.transaction,
- };
-
- if (!options.countOnly) {
- queryOptions.limit = limit ? Number(limit) : undefined;
- queryOptions.offset = offset ? Number(offset) : undefined;
- }
-
 try {
+ if (options.countOnly) {
+ const count = await this.MODEL.count({
+ where,
+ include,
+ distinct: true,
+ transaction: options.transaction,
+ });
+
+ return {
+ rows: [],
+ count,
+ };
+ }
+
+ const queryOptions = {
+ where,
+ include,
+ distinct: true,
+ order:
+ filter.field && filter.sort
+ ? [[filter.field, filter.sort]]
+ : [['createdAt', 'desc']],
+ transaction: options.transaction,
+ limit: limit ? Number(limit) : undefined,
+ offset: offset ? Number(offset) : undefined,
+ };
+
 const { rows, count } = await this.MODEL.findAndCountAll(queryOptions);
 return {
- rows: options.countOnly ? [] : rows,
+ rows,
 count,
 };
 } catch (error) {
diff --git a/backend/src/db/api/users.js b/backend/src/db/api/users.js
index cc77d19..fdfe2b6 100644
--- a/backend/src/db/api/users.js
+++ b/backend/src/db/api/users.js
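Review bot: `limit: limit ? Number(limit) : undefined` and the matching `offset` line accept whatever the caller passed: a non-numeric value becomes `NaN`, and there is no upper bound on page size. `limit`, `offset` and `filter` are defined outside the hunk; if they originate from request query parameters, as the names suggest, a client can ask for an unbounded result set or trigger a database error. Consider clamping, e.g. `limit: Math.min(Number.parseInt(limit, 10) || DEFAULT_PAGE_SIZE, MAX_PAGE_SIZE)` with both constants newly defined for this purpose, and checking `filter.field` against the model's sortable columns before it reaches `order`. The same lines appear in the base.api.js hunk and the second users.js hunk.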
@@ -290,6 +290,35 @@ module.exports = class UsersDBApi {
 return output;
 }
+ static async findForAuth(where, options) {
+ const transaction = (options && options.transaction) || undefined;
+
+ const users = await db.users.findOne({
+ where,
+ transaction,
+ include: [
+ { association: 'avatar' },
+ {
+ association: 'app_role',
+ include: [{ association: 'permissions' }],
+ },
+ { association: 'custom_permissions' },
+ ],
+ });
+
+ if (!users) {
+ return users;
+ }
+
+ const output = users.get({ plain: true });
+
+ if (output.app_role) {
+ output.app_role_permissions = output.app_role.permissions || [];
+ }
+
+ return output;
+ }
+
 static async findAll(filter, options) {
 const limit = filter.limit || 0;
 let offset = 0;
@@ -533,28 +562,39 @@ module.exports = class UsersDBApi {
 }
 }
- const queryOptions = {
- where,
- include,
- distinct: true,
- order:
- filter.field && filter.sort
- ? [[filter.field, filter.sort]]
- : [['createdAt', 'desc']],
- transaction: options?.transaction,
- };
-
- if (!options?.countOnly) {
- queryOptions.limit = limit ? Number(limit) : undefined;
- queryOptions.offset = offset ? Number(offset) : undefined;
- }
-
 try {
+ if (options?.countOnly) {
+ const count = await db.users.count({
+ where,
+ include: include.filter((entry) => entry.required || entry.where),
+ distinct: true,
+ transaction: options?.transaction,
+ });
+
+ return {
+ rows: [],
+ count,
+ };
+ }
+
+ const queryOptions = {
+ where,
+ include,
+ distinct: true,
+ order:
+ filter.field && filter.sort
+ ? [[filter.field, filter.sort]]
+ : [['createdAt', 'desc']],
+ transaction: options?.transaction,
+ limit: limit ? Number(limit) : undefined,
+ offset: offset ? Number(offset) : undefined,
+ };
+
 const { rows, count } = await db.users.findAndCountAll(queryOptions);
 return {
- rows: options?.countOnly ? [] : rows,
- count: count,
+ rows,
+ count,
 };
 } catch (error) {
 console.error('Error executing query:', error);
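Review bot: In the first users.js hunk, `findForAuth` loads the whole `users` row with no `attributes` restriction and returns it as a plain object, so every column on the model, including any credential or token fields it may have, travels with the authenticated user for the rest of the request. As far as this diff shows, the JWT strategy only needs identity, `disabled` and the permission associations; limiting the query with `attributes: { exclude: [/* secret columns, not visible in this diff */] }` keeps such fields out of logs and accidental serialization. If another login path needs a password hash from this method, that should be an explicit option rather than the default. A JSDoc block stating that the result is a plain object with `app_role_permissions` populated, or `null` when no row matches, would also help callers.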
diff --git a/backend/src/services/search.js b/backend/src/services/search.js
index 02bcf9e..eb101dc 100644
--- a/backend/src/services/search.js
+++ b/backend/src/services/search.js
@@ -21,7 +21,14 @@ async function getUserPermissions(currentUser) {
 throw new ValidationError('auth.forbidden');
 }
- const rolePermissions = await currentUser.app_role.getPermissions();
+ let rolePermissions = [];
+
+ if (typeof currentUser.app_role.getPermissions === 'function') {
+ rolePermissions = await currentUser.app_role.getPermissions();
+ } else {
+ rolePermissions = currentUser.app_role.permissions || [];
+ }
+
 for (const permission of rolePermissions) {
 if (permission?.name) {
 permissions.add(permission.name);
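Review bot: The `else` branch cannot tell a role with no permissions from a user object that was loaded without the nested `permissions` include: `currentUser.app_role.permissions || []` yields an empty set in both cases. That fails closed, which is the safe direction, but it turns a loading mistake into silently empty search results. A comment such as `// plain object from UsersDBApi.findForAuth: permissions are eagerly loaded`, plus an `Array.isArray(currentUser.app_role.permissions)` check that logs when the array is absent, would make the expected shape explicit. `getUserPermissions` continues outside the hunk.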