From 05bc94d57952e116ddb13694cc15582d7b45876f Mon Sep 17 00:00:00 2001
From: Midhun G S
Date: Mon, 15 Jul 2024 21:01:54 +0530
Subject: [PATCH] Fixed: Public app preview 403 error (#10360)

Co-authored-by: Muhsin Shah
---
 server/src/controllers/app.controller.ts | 27 +++++++++++++------
 .../services/organization_users.service.ts | 10 +++++++
 2 files changed, 29 insertions(+), 8 deletions(-)

diff --git a/server/src/controllers/app.controller.ts b/server/src/controllers/app.controller.ts
index 622b10a60b..80c1c6c9a8 100644
--- a/server/src/controllers/app.controller.ts
+++ b/server/src/controllers/app.controller.ts
@@ -39,6 +39,7 @@ import { InvitedUserSessionDto } from '@dto/invited-user-session.dto';
 import { ActivateAccountWithTokenDto } from '@dto/activate-account-with-token.dto';
 import { OrganizationInviteAuthGuard } from 'src/modules/auth/organization-invite-auth.guard';
 import { ResendInviteDto } from '@dto/resend-invite.dto';
+import { OrganizationUsersService } from '@services/organization_users.service';
 
 @Controller()
 export class AppController {
@@ -46,7 +47,8 @@ export class AppController {
 private authService: AuthService,
 private userService: UsersService,
 private sessionService: SessionService,
- private organizationService: OrganizationsService
+ private organizationService: OrganizationsService,
+ private organizationUsersService: OrganizationUsersService
 ) {}
 
 @Post('authenticate')
@@ -84,20 +86,29 @@ export class AppController {
 @UseGuards(SessionAuthGuard)
 @Get('session')
 async getSessionDetails(@User() user, @Query('appId') appId: string, @Query('workspaceSlug') workspaceSlug: string) {
+ let appData: { organizationId: string; isPublic: boolean };
 let currentOrganization: Organization;
-
- let app: { organizationId: string; isPublic: boolean };
 if (appId) {
- app = await this.userService.returnOrgIdOfAnApp(appId);
+ appData = await this.userService.returnOrgIdOfAnApp(appId);
 }
- /* if the user has a session and the app is public, we don't need to authorize the app organization id */
- if ((app && !app?.isPublic) || workspaceSlug) {
- const organization = await this.organizationService.fetchOrganization(workspaceSlug || app.organizationId);
+ if (workspaceSlug || appData?.organizationId) {
+ const organization = await this.organizationService.fetchOrganization(workspaceSlug || appData.organizationId);
 if (!organization) {
 throw new NotFoundException("Coudn't found workspace. workspace id or slug is incorrect!.");
 }
- currentOrganization = organization;
+ const activeMemberOfOrganization = await this.organizationUsersService.isTheUserIsAnActiveMemberOfTheWorkspace(
+ user.id,
+ organization.id
+ );
+ if (activeMemberOfOrganization) currentOrganization = organization;
+ const alreadyWorkspaceSessionAvailable = user.organizationIds?.includes(appData?.organizationId);
+ const orgIdNeedsToBeUpdatedForApplicationSession =
+ appData && appData.organizationId !== user.defaultOrganizationId && alreadyWorkspaceSessionAvailable;
+ if (orgIdNeedsToBeUpdatedForApplicationSession) {
+ /* If the app's organization id is there in the JWT and user default organization id is different, then update it */
+ await this.userService.updateUser(user.id, { defaultOrganizationId: appData.organizationId });
+ }
 }
 return await this.authService.generateSessionPayload(user, currentOrganization);
 }
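Review bot: The `orgIdNeedsToBeUpdatedForApplicationSession` condition persists `defaultOrganizationId` on the strength of `user.organizationIds?.includes(...)`, a claim carried in the session token (the added comment says "in the JWT"), instead of the fresh `isTheUserIsAnActiveMemberOfTheWorkspace` lookup made a few lines above — and when `workspaceSlug` is set, that lookup ran against `organization.id`, which need not be `appData.organizationId`. As far as this hunk shows, a user whose membership became inactive after the token was issued would still have their default organization switched to that workspace by a GET request. I would gate the write on a lookup for the app's own organization: `const activeInAppOrg = appData && (await this.organizationUsersService.isTheUserIsAnActiveMemberOfTheWorkspace(user.id, appData.organizationId));` and extend the condition with `&& activeInAppOrg`. The `isPublic` field of `appData` is no longer read anywhere in the method now that the `!app?.isPublic` test is gone, so either drop it from the type or add a comment explaining why a private app no longer affects this path. The whole of `getSessionDetails` lies inside the hunk.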
diff --git a/server/src/services/organization_users.service.ts b/server/src/services/organization_users.service.ts
index 53cc34409f..eb55577b8a 100644
--- a/server/src/services/organization_users.service.ts
+++ b/server/src/services/organization_users.service.ts
@@ -117,6 +117,16 @@ export class OrganizationUsersService {
 });
 }
 
+ async isTheUserIsAnActiveMemberOfTheWorkspace(userId: string, organizationId: string) {
+ return await this.organizationUsersRepository.count({
+ where: {
+ userId,
+ organizationId,
+ status: WORKSPACE_USER_STATUS.ACTIVE,
+ },
+ });
+ }
+
 async updateOrgUser(organizationUserId: string, updateUserDto) {
 const organizationUser = await this.organizationUsersRepository.findOne({ where: { id: organizationUserId } });
 return await this.usersService.update(
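Review bot: `isTheUserIsAnActiveMemberOfTheWorkspace` is named as a predicate but returns the raw `count()` result, so its inferred type is `Promise<number>` and a caller that compares it with `=== true` or forwards it as a boolean gets a row count instead; the missing return annotation hides this. I would declare it `async isTheUserIsAnActiveMemberOfTheWorkspace(userId: string, organizationId: string): Promise<boolean> {` and end with `return (await this.organizationUsersRepository.count({ where: { userId, organizationId, status: WORKSPACE_USER_STATUS.ACTIVE } })) > 0;`, plus a one-line TSDoc stating that only rows in `ACTIVE` status count as membership. This assumes `WORKSPACE_USER_STATUS` is already imported in this file, which the hunk does not show. The enclosing `OrganizationUsersService` class starts before and continues after the hunk.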