From ee9027939f03744de77a3842972cc94cfd32f4ec Mon Sep 17 00:00:00 2001 From: Danielzxccc Date: Wed, 1 May 2024 22:27:52 +0800 Subject: [PATCH] fix event authorizations --- src/modules/Community/CommunityInteractor.ts | 17 ++++++--- src/modules/Community/CommunityRouter.ts | 2 +- src/modules/Community/CommunityService.ts | 37 ++++++++++++-------- 3 files changed, 36 insertions(+), 20 deletions(-) diff --git a/src/modules/Community/CommunityInteractor.ts b/src/modules/Community/CommunityInteractor.ts index fd6d012..b4609a3 100644 --- a/src/modules/Community/CommunityInteractor.ts +++ b/src/modules/Community/CommunityInteractor.ts @@ -9,7 +9,11 @@ import { } from '../../schema/CommunityFarmSchema' import { getUserOrThrow } from '../../utils/findUser' import { findCommunityFarmById, findCrop } from '../Farm/FarmService' -import { findFarmMembersByFarmId, updateUser } from '../Users/UserService' +import { + findFarmMembersByFarmId, + findUser, + updateUser, +} from '../Users/UserService' import HttpError from '../../utils/HttpError' import * as Service from './CommunityService' import { z } from 'zod' @@ -916,17 +920,22 @@ export type ListCommunityEventsT = { } export async function listCommunityEvents(payload: ListCommunityEventsT) { + let isDataOwner = false if (payload?.farmid) { const communityFarm = await findCommunityFarmById(payload.farmid) - if (!communityFarm) { throw new HttpError('Community Farm Not Found', 404) } + + if (payload?.userid) { + const user = await getUserOrThrow(payload.userid) + isDataOwner = user.farm_id === communityFarm.id + } } const [data, total] = await Promise.all([ - Service.listCommunityEventsByFarm(payload), - Service.getTotalCommunityEventsByFarm(payload), + Service.listCommunityEventsByFarm(payload, isDataOwner), + Service.getTotalCommunityEventsByFarm(payload, isDataOwner), ]) for (const date of data) { diff --git a/src/modules/Community/CommunityRouter.ts b/src/modules/Community/CommunityRouter.ts index 8db68f8..5588bc9 100644 --- a/src/modules/Community/CommunityRouter.ts +++ b/src/modules/Community/CommunityRouter.ts @@ -120,7 +120,7 @@ CommunityRouter.put( CommunityRouter.get( '/event/list/:id', - UserGuard(['farm_head', 'farmer']), + UserGuard(['farm_head', 'farmer', 'admin', 'member', 'asst_admin']), CommunityController.listCommunityEvents ) diff --git a/src/modules/Community/CommunityService.ts b/src/modules/Community/CommunityService.ts index f386538..ff18d53 100644 --- a/src/modules/Community/CommunityService.ts +++ b/src/modules/Community/CommunityService.ts @@ -588,15 +588,18 @@ export async function createCommunityEvent( return communityEvent } -export async function listCommunityEventsByFarm({ - farmid, - searchKey, - offset, - perpage, - type, - filter, - userid, -}: ListCommunityEventsT) { +export async function listCommunityEventsByFarm( + { + farmid, + searchKey, + offset, + perpage, + type, + filter, + userid, + }: ListCommunityEventsT, + isDataOwner: boolean +) { let query = db .selectFrom('community_events as ce') .leftJoin('community_farms as cf', 'cf.id', 'ce.farmid') @@ -658,6 +661,9 @@ export async function listCommunityEventsByFarm({ if (farmid) { query = query.where('ce.farmid', '=', farmid) + if (!isDataOwner) { + query = query.where('ce.type', '=', 'public') + } } else { query = query.where('ce.type', '=', 'public') } @@ -686,18 +692,19 @@ export async function listCommunityEventsByFarm({ return await query.limit(perpage).offset(offset).execute() } -export async function getTotalCommunityEventsByFarm({ - farmid, - searchKey, - type, - filter, -}: ListCommunityEventsT) { +export async function getTotalCommunityEventsByFarm( + { farmid, searchKey, type, filter }: ListCommunityEventsT, + isDataOwner: boolean +) { let query = db .selectFrom('community_events as ce') .select(({ fn }) => [fn.count('ce.id').as('count')]) if (farmid) { query = query.where('ce.farmid', '=', farmid) + if (!isDataOwner) { + query = query.where('ce.type', '=', 'public') + } } else { query = query.where('ce.type', '=', 'public') }