From 811c5ba45700a38bfff3bdf73971aaa9e5101e7b Mon Sep 17 00:00:00 2001
From: shreddedbacon <b@benjackson.email>
Date: Tue, 2 Jul 2024 11:26:53 +1000
Subject: [PATCH] refactor: move lastaccessed call to initial req rather than
 per haspermission

---
 services/api/src/apolloServer.js | 1 +
 services/api/src/util/auth.ts    | 2 --
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/services/api/src/apolloServer.js b/services/api/src/apolloServer.js
index 95c4e7f5bd..625ad84ddb 100644
--- a/services/api/src/apolloServer.js
+++ b/services/api/src/apolloServer.js
@@ -199,6 +199,7 @@ const apolloServer = new ApolloServer({
         currentUser = await User.User(modelClients).loadUserById(keycloakGrant.access_token.content.sub);
         // grab the users project ids and roles in the first request
         groupRoleProjectIds = await User.User(modelClients).getAllProjectsIdsForUser(currentUser.id, keycloakUsersGroups);
+        await User.User(modelClients).userLastAccessed(currentUser);
       }
 
       // do a permission check to see if the user is platform admin/owner, or has permission for `viewAll` on certain resources
diff --git a/services/api/src/util/auth.ts b/services/api/src/util/auth.ts
index 064c162314..428b84bb0e 100644
--- a/services/api/src/util/auth.ts
+++ b/services/api/src/util/auth.ts
@@ -187,8 +187,6 @@ export const keycloakHasPermission = (grant, requestCache, modelClients, service
       currentUser: [currentUser.id]
     };
 
-    await UserModel.userLastAccessed(currentUser);
-
     const usersAttribute = R.prop('users', attributes);
     if (usersAttribute && usersAttribute.length) {
       claims = {