From 12239877d70feb8491aaba89661c1f843619fde5 Mon Sep 17 00:00:00 2001 From: Walter Moar Date: Wed, 17 Jan 2024 14:01:07 -0800 Subject: [PATCH 1/2] fix: FORMS-959 optimize the /rbac routes (#1248) --- app/src/forms/rbac/routes.js | 4 ++-- app/src/forms/rbac/service.js | 5 ++++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/app/src/forms/rbac/routes.js b/app/src/forms/rbac/routes.js index 35c463f3b..d0a30f0e0 100644 --- a/app/src/forms/rbac/routes.js +++ b/app/src/forms/rbac/routes.js @@ -5,9 +5,9 @@ const controller = require('./controller'); const keycloak = require('../../components/keycloak'); const P = require('../common/constants').Permissions; const R = require('../common/constants').Roles; -const { currentUser, hasFormPermissions, hasSubmissionPermissions, hasFormRoles, hasRolePermissions } = require('../auth/middleware/userAccess'); +const { currentUserTemp, hasFormPermissions, hasSubmissionPermissions, hasFormRoles, hasRolePermissions } = require('../auth/middleware/userAccess'); -routes.use(currentUser); +routes.use(currentUserTemp); routes.get('/current', keycloak.protect(), async (req, res, next) => { await controller.getCurrentUser(req, res, next); diff --git a/app/src/forms/rbac/service.js b/app/src/forms/rbac/service.js index 11fb0fc83..40b4f43ce 100644 --- a/app/src/forms/rbac/service.js +++ b/app/src/forms/rbac/service.js @@ -74,8 +74,11 @@ const service = { if (params.idp) accessLevels.push('idp'); if (params.team) accessLevels.push('team'); } - const filteredForms = authService.filterForms(user, user.forms, accessLevels); + + const forms = await authService.getUserForms(user, { active: true }); + const filteredForms = authService.filterForms(user, forms, accessLevels); user.forms = filteredForms; + return user; }, From 50cd70aa51d458589aee53ff58db4511ffc1c4de Mon Sep 17 00:00:00 2001 From: Walter Moar Date: Wed, 17 Jan 2024 15:07:32 -0800 Subject: [PATCH 2/2] fix: FORMS-959 emergency fix for /rbac routes (#1249) --- app/src/forms/rbac/service.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/src/forms/rbac/service.js b/app/src/forms/rbac/service.js index 40b4f43ce..838feb9c8 100644 --- a/app/src/forms/rbac/service.js +++ b/app/src/forms/rbac/service.js @@ -75,7 +75,7 @@ const service = { if (params.team) accessLevels.push('team'); } - const forms = await authService.getUserForms(user, { active: true }); + const forms = await authService.getUserForms(user, { ...params, active: true }); const filteredForms = authService.filterForms(user, forms, accessLevels); user.forms = filteredForms;