feat: get only orgs that user has access to

2025-12-18 20:09:25 +00:00 · 2023-03-22 23:14:22 +01:00 · 2023-03-22 23:14:22 +01:00 · afa0a9649d
commit afa0a9649d
parent 447ac93649
2 changed files with 30 additions and 3 deletions
--- a/src/services/orgs.py
+++ b/src/services/orgs.py
@ -2,6 +2,7 @@ import json
 from typing import List
 from uuid import uuid4
 from pydantic import BaseModel
+from src.services.users.schemas.users import UserOrganization
 from src.services.users.users import PublicUser, User
 from src.services.security import *
 from fastapi import FastAPI, HTTPException, status, Request, Response, BackgroundTasks
@ -62,6 +63,7 @@ async def get_organization_by_slug(request: Request, org_slug: str):

 async def create_org(request: Request, org_object: Organization, current_user: PublicUser):
    orgs = request.app.db["organizations"]
+    user = request.app.db["users"]

    # find if org already exists using name
    isOrgAvailable = await orgs.find_one({"slug": org_object.slug})
@ -79,6 +81,13 @@ async def create_org(request: Request, org_object: Organization, current_user: P

    org_in_db = await orgs.insert_one(org.dict())

+    user_organization: UserOrganization = UserOrganization(
+        org_id=org_id, org_role="owner")
+    
+    # add org to user
+    await user.update_one({"user_id": current_user.user_id}, {
+        "$addToSet": {"orgs": user_organization.dict()}})
+
    if not org_in_db:
        raise HTTPException(
            status_code=status.HTTP_503_SERVICE_UNAVAILABLE, detail="Unavailable database")
@ -125,6 +134,10 @@ async def delete_org(request: Request, org_id: str, current_user: PublicUser):

    isDeleted = await orgs.delete_one({"org_id": org_id})

+    # remove org from all users
+    users = request.app.db["users"]
+    await users.update_many({}, {"$pull": {"orgs": {"org_id": org_id}}})
+
    if isDeleted:
        return {"detail": "Org deleted"}
    else:
@ -134,9 +147,20 @@ async def delete_org(request: Request, org_id: str, current_user: PublicUser):

 async def get_orgs_by_user(request: Request, user_id: str, page: int = 1, limit: int = 10):
    orgs = request.app.db["organizations"]
+    user = request.app.db["users"]

-    # find all orgs where user_id is in owners or admins arrays
-    all_orgs = orgs.find({"$or": [{"owners": user_id}, {"admins": user_id}]}).sort(
+    # get user orgs 
+    user_orgs = await user.find_one({"user_id": user_id})
+
+    org_ids : list[UserOrganization] = []
+
+    for org in user_orgs["orgs"]:
+        if org["org_role"] == "owner" or org["org_role"] == "editor" or org["org_role"] == "member":
+            org_ids.append(org["org_id"])
+
+    # find all orgs where org_id is in org_ids array
+
+    all_orgs = orgs.find({"org_id": {"$in": org_ids}}).sort(
        "name", 1).skip(10 * (page - 1)).limit(100)

    return [json.loads(json.dumps(org, default=str)) for org in await all_orgs.to_list(length=100)]
@ -154,7 +178,7 @@ async def verify_org_rights(request: Request, org_id: str,  current_user: Public
            status_code=status.HTTP_409_CONFLICT, detail="Organization does not exist")

    isOwner = current_user.user_id in org["owners"]
-    hasRoleRights = await verify_user_rights_with_roles(request, action, current_user.user_id, org_id)
+    hasRoleRights = await verify_user_rights_with_roles(request, action, current_user.user_id, org_id, org_id)

    if not hasRoleRights and not isOwner:
        raise HTTPException(
--- a/src/services/users/schemas/users.py
+++ b/src/services/users/schemas/users.py
@ -6,6 +6,9 @@ class UserOrganization(BaseModel):
    org_id: str
    org_role: Literal['owner', 'editor', 'member'] 

+    def __getitem__(self, item):
+        return getattr(self, item)
+

 class User(BaseModel):
    username: str