CHANGE | Tasks where user is only initiator are viewable by that user

2 years ago · 69ca6bc935
4 changed files with 119 additions and 16 deletions
--- a/src/domain/tasks/services/tasks-permissions.service.ts
+++ b/src/domain/tasks/services/tasks-permissions.service.ts
@ -35,6 +35,8 @@ export class TasksPermissionsService implements Tasks.ITasksPermissionsService {
				@@ -35,6 +35,8 @@ export class TasksPermissionsService implements Tasks.ITasksPermissionsService {
 			taskPermissions.push(...permittedActions)
 		}

+		if (_.isEmpty(taskPermissions) && userId === task.initiatorId) taskPermissions.push('find')
+
 		return taskPermissions
 	}

--- a/src/domain/tasks/services/tasks.service.ts
+++ b/src/domain/tasks/services/tasks.service.ts
@ -17,7 +17,7 @@ import { TasksExecutorsService } from './task-executors.service'
				@@ -17,7 +17,7 @@ import { TasksExecutorsService } from './task-executors.service'
 import { TasksListService } from './tasks-list.service'
 import { TasksPermissionsService } from './tasks-permissions.service'
 import { dateToSqlFormat } from 'src/shared'
-import { In, Repository } from 'typeorm'
+import { Brackets, In, Repository } from 'typeorm'
 import { EventEmitter2 } from '@nestjs/event-emitter'
 import { Events } from 'src/core/enums'
 import * as moment from 'moment'
@ -536,7 +536,15 @@ export class TasksService implements Tasks.ITasksService {
				@@ -536,7 +536,15 @@ export class TasksService implements Tasks.ITasksService {
 			const usersIds = await this.tasksPermissionsService.getAllPermittedUsersForAnyAction(
 				userId,
 			)
-			query.andWhere('it.executorId = ANY(:usersIds)', { usersIds: [userId, ...usersIds] })
+			query.andWhere(
+				new Brackets(subQuery => {
+					subQuery
+						.where('it.executorId = ANY(:usersIds)', {
+							usersIds: [userId, ...usersIds],
+						})
+						.orWhere('it.initiatorId = :initiatorId', { initiatorId: userId })
+				}),
+			)
 		}

 		const result = await query.getRawMany()
@ -589,7 +597,16 @@ export class TasksService implements Tasks.ITasksService {
				@@ -589,7 +597,16 @@ export class TasksService implements Tasks.ITasksService {

 			const allPermittedUsersIds = [userId, ...permittedUsersIdsFromPermissions]

-			query.andWhere('it.executorId = ANY(:usersIds)', { usersIds: allPermittedUsersIds })
+			// query.andWhere('it.executorId = ANY(:usersIds)', { usersIds: allPermittedUsersIds })
+			query.andWhere(
+				new Brackets(subQuery => {
+					subQuery
+						.where('it.executorId = ANY(:usersIds)', {
+							usersIds: allPermittedUsersIds,
+						})
+						.orWhere('it.initiatorId = :initiatorId', { initiatorId: userId })
+				}),
+			)
 		}

 		const activeTasks = await query.getMany()
--- a/src/rest/admin/tasks/services/admin-tasks.service.ts
+++ b/src/rest/admin/tasks/services/admin-tasks.service.ts
@ -15,8 +15,11 @@ import {
				@@ -15,8 +15,11 @@ import {
 	USERS_SERVICE,
 } from 'src/core/consts'
 import { IPagination } from 'src/core/interfaces'
+import { TASKS_REPOSITORY } from 'src/domain/tasks/consts'
+import { ITasksRepository } from 'src/domain/tasks/interfaces'
 import { createUserName } from 'src/shared'
 import { getNewTaskNotificationHTML, getNewTaskNotificationText } from 'src/shared/templates'
+import { Brackets } from 'typeorm'
 import {
 	AdminCreateTaskDto,
 	FetchExecutorsListDto,
@ -43,6 +46,7 @@ export class AdminTasksService {
				@@ -43,6 +46,7 @@ export class AdminTasksService {
 	private readonly taxonomiesService: Taxonomies.ITaxonomiesService
 	@Inject(FACTORIES_SERVICE) private readonly factoriesService: Factories.IFactoriesService
 	@Inject(MAILER_SERVICE) private readonly mailerService: Mailer.IMailerService
+	@Inject(TASKS_REPOSITORY) private readonly tasksRepository: ITasksRepository

 	/**
 	 * Метод для створення задач, створює окрему задачу для кожного з виконавців
@ -268,14 +272,22 @@ export class AdminTasksService {
				@@ -268,14 +272,22 @@ export class AdminTasksService {

 			const allPermittedUsersIds = [userId, ...permittedUsersIdsFromPermissions]

-			if (dto.executorId)
-				params.executorsIds = _.includes(allPermittedUsersIds, Number(dto.executorId))
-					? [dto.executorId]
-					: []
-			else params.executorsIds = allPermittedUsersIds
+			const allPermittedTasksIds = await this.getAllPermittedTasksIds(
+				userId,
+				allPermittedUsersIds,
+				params.status,
+			)
+			params.includeIds = allPermittedTasksIds
+
+			// if (dto.executorId) params.executorsIds = [dto.executorId]
+			// 	params.executorsIds = _.includes(allPermittedUsersIds, Number(dto.executorId))
+			// 		? [dto.executorId]
+			// 		: []
+			// else params.executorsIds = allPermittedUsersIds
 		}

-		if (dto.executorId && role === Users.Role.Admin) params.executorsIds = [dto.executorId]
+		if (dto.executorId) params.executorsIds = [dto.executorId]
+		// if (dto.executorId && role === Users.Role.Admin) params.executorsIds = [dto.executorId]

 		if (dto.tasksIds) params.includeIds = dto.tasksIds

@ -313,6 +325,32 @@ export class AdminTasksService {
				@@ -313,6 +325,32 @@ export class AdminTasksService {
 		return params
 	}

+	private async getAllPermittedTasksIds(
+		userId: number,
+		executorsIds: number[],
+		status?: Tasks.Status,
+	) {
+		const query = this.tasksRepository
+			.createQueryBuilder('it')
+			.where(
+				new Brackets(subQuery => {
+					subQuery
+						.where('it.executorId = ANY(:executorsIds)', {
+							executorsIds,
+						})
+						.orWhere('it.initiatorId = :initiator', {
+							initiator: userId,
+						})
+				}),
+			)
+			.select('it.id')
+
+		if (status) query.andWhere('it.status = :status', { status })
+
+		const tasks = await query.getMany()
+		return tasks.map(it => it.id)
+	}
+
 	private transformEvents(events: Tasks.ITaskEvent[]): Record<string, Tasks.Event>[] {
 		const transformedEvents = []

--- a/src/rest/app/tasks/services/app-tasks.service.ts
+++ b/src/rest/app/tasks/services/app-tasks.service.ts
@ -15,8 +15,11 @@ import {
				@@ -15,8 +15,11 @@ import {
 	USERS_SERVICE,
 } from 'src/core/consts'
 import { IPagination } from 'src/core/interfaces'
+import { TASKS_REPOSITORY } from 'src/domain/tasks/consts'
+import { ITasksRepository } from 'src/domain/tasks/interfaces'
 import { createUserName } from 'src/shared'
 import { getNewTaskNotificationHTML, getNewTaskNotificationText } from 'src/shared/templates'
+import { Brackets } from 'typeorm'
 import {
 	CreateTaskDto,
 	FilterTasksParamsDto,
@ -43,6 +46,7 @@ export class AppTasksService {
				@@ -43,6 +46,7 @@ export class AppTasksService {
 	private readonly tasksCommentsService: Tasks.ITasksCommentsService
 	@Inject(MAILER_SERVICE) private readonly mailerService: Mailer.IMailerService
 	@Inject(FACTORIES_SERVICE) private readonly factoriesService: Factories.IFactoriesService
+	@Inject(TASKS_REPOSITORY) private readonly tasksRepository: ITasksRepository

 	/**
 	 * Метод для створення задач, створює окрему задачу для кожного з виконавців
@ -252,20 +256,54 @@ export class AppTasksService {
				@@ -252,20 +256,54 @@ export class AppTasksService {

 			const allPermittedUsersIds = [userId, ...permittedUsersIdsFromPermissions]

-			if (dto.executorId)
-				params.executorsIds = _.includes(allPermittedUsersIds, Number(dto.executorId))
-					? [dto.executorId]
-					: []
-			else params.executorsIds = allPermittedUsersIds
+			const allPermittedTasksIds = await this.getAllPermittedTasksIds(
+				userId,
+				allPermittedUsersIds,
+				params.status,
+			)
+			params.includeIds = allPermittedTasksIds
+
+			// if (dto.executorId) params.executorsIds = [dto.executorId]
+			// 	params.executorsIds = _.includes(allPermittedUsersIds, Number(dto.executorId))
+			// 		? [dto.executorId]
+			// 		: []
+			// else params.executorsIds = allPermittedUsersIds
 		}

-		if (dto.executorId && role === Users.Role.Admin) params.executorsIds = [dto.executorId]
+		if (dto.executorId) params.executorsIds = [dto.executorId]
+		// if (dto.executorId && role === Users.Role.Admin) params.executorsIds = [dto.executorId]

 		if (dto.tasksIds) params.includeIds = dto.tasksIds

 		return params
 	}

+	private async getAllPermittedTasksIds(
+		userId: number,
+		executorsIds: number[],
+		status?: Tasks.Status,
+	) {
+		const query = this.tasksRepository
+			.createQueryBuilder('it')
+			.where(
+				new Brackets(subQuery => {
+					subQuery
+						.where('it.executorId = ANY(:executorsIds)', {
+							executorsIds,
+						})
+						.orWhere('it.initiatorId = :initiator', {
+							initiator: userId,
+						})
+				}),
+			)
+			.select('it.id')
+
+		if (status) query.andWhere('it.status = :status', { status })
+
+		const tasks = await query.getMany()
+		return tasks.map(it => it.id)
+	}
+
 	/**
 	 * Метод для отримання списку власних задач користувача
 	 * @param {IPagination} pagination - параметри пагінації
@ -474,7 +512,15 @@ export class AppTasksService {
				@@ -474,7 +512,15 @@ export class AppTasksService {

 			const allPermittedUsersIds = [userId, ...permittedUsersIdsFromPermissions]

-			params.executorsIds = allPermittedUsersIds
+			const allPermittedTasksIds = await this.getAllPermittedTasksIds(
+				userId,
+				allPermittedUsersIds,
+				params.status,
+			)
+
+			params.includeIds = dto.ids
+				? _.intersection(allPermittedTasksIds, dto.ids)
+				: allPermittedTasksIds
 		}

 		const { items } = await this.tasksService.getTasksList({ page: 1, limit: null }, params)