fix(condo): DOMA-10773 added getUserEmployeesRoles to accessSchema

open-condo-software · Jan 31, 2025 · 386c5c2 · 386c5c2
1 parent 6ef181d
commit 386c5c2
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 9 deletions.
diff --git a/apps/condo/domains/miniapp/access/AppMessageSetting.js b/apps/condo/domains/miniapp/access/AppMessageSetting.js
@@ -7,6 +7,7 @@ const uniq = require('lodash/uniq')
 const { throwAuthenticationError } = require('@open-condo/keystone/apolloErrorFormatter')
 const { find } = require('@open-condo/keystone/schema')
 
+const { getUserEmployeesRoles } = require('@condo/domains/organization/utils/accessSchema')
 const { STAFF } = require('@condo/domains/user/constants/common')
 
 
@@ -16,15 +17,7 @@ async function canReadAppMessageSetting ({ authentication: { item: user }, conte
     if (user.isAdmin || user.isSupport) return {}
 
     if (user.type === STAFF) {
-        const userEmployees = await find('OrganizationEmployee', {
-            deletedAt: null,
-            organization: { deletedAt: null },
-            role: { deletedAt: null },
-            user: { id: user.id },
-            isBlocked: false,
-            isRejected: false,
-        })
-        const employeeRoleIds = userEmployees.map(employee => employee.role)
+        const employeeRoleIds = await getUserEmployeesRoles(context, user)
         const b2bAppRoles = await find('B2BAppRole', {
             deletedAt: null,
             role: { id_in: employeeRoleIds },

diff --git a/apps/condo/domains/organization/utils/accessSchema.js b/apps/condo/domains/organization/utils/accessSchema.js
@@ -142,6 +142,7 @@ async function _getUserOrganizations (ctx, user) {
 
     for (const role of userRoles) {
         newCacheEntry.organizations[role.organization] = {
+            roleId: role.id,
             permissions: _extractRolePermissions(role),
             childOrganizations: [],
         }
@@ -254,6 +255,20 @@ async function getInvitedOrganizations (ctx, user) {
     return userOrganizationsInfo.invitations || []
 }
 
+/**
+ * Gets the IDs of user employees roles
+ * @param {{ req: import('express').Request }} ctx - keystone context object
+ * @param {{ id: string }} user - user object
+ * @returns {Promise<Array<string>>}
+ */
+async function getUserEmployeesRoles (ctx, user) {
+    const userOrganizationsInfo = await _getUserOrganizations(ctx, user)
+
+    return Object.values(userOrganizationsInfo.organizations || [])
+        .map(organizationInfo => organizationInfo.roleId)
+        .filter(Boolean)
+}
+
 /**
  * Checks if user is employed in all listed organizations and has all correct permissions in it.
  * Both organizations and permissions can be single elements if passed as strings instead of arrays
@@ -352,6 +367,7 @@ module.exports = {
     getRelatedOrganizationsByPermissions,
     getEmployedOrRelatedOrganizationsByPermissions,
     getInvitedOrganizations,
+    getUserEmployeesRoles,
     checkPermissionsInEmployedOrganizations,
     checkPermissionsInRelatedOrganizations,
     checkPermissionsInEmployedOrRelatedOrganizations,