fix event authorizations

src/modules/Community/CommunityInteractor.ts

@@ -9,7 +9,11 @@ import {
 } from '../../schema/CommunityFarmSchema'
 import { getUserOrThrow } from '../../utils/findUser'
 import { findCommunityFarmById, findCrop } from '../Farm/FarmService'
-import { findFarmMembersByFarmId, updateUser } from '../Users/UserService'
+import {
+  findFarmMembersByFarmId,
+  findUser,
+  updateUser,
+} from '../Users/UserService'
 import HttpError from '../../utils/HttpError'
 import * as Service from './CommunityService'
 import { z } from 'zod'
@@ -916,17 +920,22 @@ export type ListCommunityEventsT = {
 }
 
 export async function listCommunityEvents(payload: ListCommunityEventsT) {
+  let isDataOwner = false
   if (payload?.farmid) {
     const communityFarm = await findCommunityFarmById(payload.farmid)
-
     if (!communityFarm) {
       throw new HttpError('Community Farm Not Found', 404)
     }
+
+    if (payload?.userid) {
+      const user = await getUserOrThrow(payload.userid)
+      isDataOwner = user.farm_id === communityFarm.id
+    }
   }
 
   const [data, total] = await Promise.all([
-    Service.listCommunityEventsByFarm(payload),
-    Service.getTotalCommunityEventsByFarm(payload),
+    Service.listCommunityEventsByFarm(payload, isDataOwner),
+    Service.getTotalCommunityEventsByFarm(payload, isDataOwner),
   ])
 
   for (const date of data) {

src/modules/Community/CommunityRouter.ts

@@ -120,7 +120,7 @@ CommunityRouter.put(
 
 CommunityRouter.get(
   '/event/list/:id',
-  UserGuard(['farm_head', 'farmer']),
+  UserGuard(['farm_head', 'farmer', 'admin', 'member', 'asst_admin']),
   CommunityController.listCommunityEvents
 )
 

src/modules/Community/CommunityService.ts

@@ -588,15 +588,18 @@ export async function createCommunityEvent(
   return communityEvent
 }
 
-export async function listCommunityEventsByFarm({
-  farmid,
-  searchKey,
-  offset,
-  perpage,
-  type,
-  filter,
-  userid,
-}: ListCommunityEventsT) {
+export async function listCommunityEventsByFarm(
+  {
+    farmid,
+    searchKey,
+    offset,
+    perpage,
+    type,
+    filter,
+    userid,
+  }: ListCommunityEventsT,
+  isDataOwner: boolean
+) {
   let query = db
     .selectFrom('community_events as ce')
     .leftJoin('community_farms as cf', 'cf.id', 'ce.farmid')
@@ -658,6 +661,9 @@ export async function listCommunityEventsByFarm({
 
   if (farmid) {
     query = query.where('ce.farmid', '=', farmid)
+    if (!isDataOwner) {
+      query = query.where('ce.type', '=', 'public')
+    }
   } else {
     query = query.where('ce.type', '=', 'public')
   }
@@ -686,18 +692,19 @@ export async function listCommunityEventsByFarm({
   return await query.limit(perpage).offset(offset).execute()
 }
 
-export async function getTotalCommunityEventsByFarm({
-  farmid,
-  searchKey,
-  type,
-  filter,
-}: ListCommunityEventsT) {
+export async function getTotalCommunityEventsByFarm(
+  { farmid, searchKey, type, filter }: ListCommunityEventsT,
+  isDataOwner: boolean
+) {
   let query = db
     .selectFrom('community_events as ce')
     .select(({ fn }) => [fn.count<number>('ce.id').as('count')])
 
   if (farmid) {
     query = query.where('ce.farmid', '=', farmid)
+    if (!isDataOwner) {
+      query = query.where('ce.type', '=', 'public')
+    }
   } else {
     query = query.where('ce.type', '=', 'public')
   }