From 618c81cbe2eab7186fd5f4728d6a5f18ef9a9fae Mon Sep 17 00:00:00 2001
From: Mathias Wagner
Date: Sun, 22 Jan 2023 20:40:13 +0100
Subject: [PATCH] Updated projects.ts#checkProjectAccess
---
 src/controller/projects.ts | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/src/controller/projects.ts b/src/controller/projects.ts
index 3514a83..429ef29 100644
--- a/src/controller/projects.ts
+++ b/src/controller/projects.ts
@@ -3,17 +3,26 @@ import { encryptClearField } from "@utils/decryption"; import { Types } from "mongoose"; import crypto from "crypto"; import { IKeyRole } from "@models/AccessKey"; +import { Member } from "@models/Member"; export const checkProjectAccess = (requiredPermission: IKeyRole) => async (userId: string, projectId: string) => { if (!Types.ObjectId.isValid(projectId)) return { code: 3, message: "Invalid object id provided" }; - const project = await Project.findOne({ _id: projectId, creatorId: encryptClearField(userId) }); + let project = await Project.findOne({ _id: projectId, creatorId: encryptClearField(userId) }); + if (project !== null) return project; + + const projectMember = await Member.findOne({ memberId: encryptClearField(userId || ""), accepted: true }); + if (projectMember === null) return { code: 5009, message: "The provided project id does not exist" }; + + project = await Project.findById(projectMember.projectId); if (project === null) return { code: 5009, message: "The provided project id does not exist" }; - // TODO: Get project where userId is a member + if (projectMember.role === IKeyRole.ADMIN) return project; + if (requiredPermission === IKeyRole.MANAGE && projectMember.role === IKeyRole.MANAGE) return project; + if (requiredPermission === IKeyRole.VIEW && (projectMember.role === IKeyRole.VIEW || projectMember.role === IKeyRole.MANAGE)) return project; - return project; + return { code: 5009, message: "The provided project id does not exist" }; }; const projectMapper = (project: IProject) => ({ 
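Review bot: The member lookup added to checkProjectAccess is not scoped to the requested project. `Member.findOne({ memberId: ..., accepted: true })` matches any accepted membership of the user, and the project is then loaded from `projectMember.projectId` instead of from the `projectId` argument. A user who is an accepted member of one project can therefore pass the check while asking for a different project id, and the role being compared belongs to whichever membership the query happened to return. Filter on the project as well, for example `const projectMember = await Member.findOne({ projectId, memberId: encryptClearField(userId || ""), accepted: true });`; the Member schema is not visible in this hunk, so confirm how `projectId` is stored there. A one-line comment above the three role checks stating the intended hierarchy (ADMIN covers everything, MANAGE covers VIEW) would also make the fall-through to the 5009 result easier to audit.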
@@ -24,7 +33,11 @@ const projectMapper = (project: IProject) => ({ export const listProjects = async (userId?: string) => { const projects = await Project.find({ creatorId: encryptClearField(userId || "") }); - // TODO: Find projects where userId is a member + const memberProjects = await Member.find({ memberId: encryptClearField(userId || ""), accepted: true }); + for (let project of memberProjects) { + const foundProject = await Project.findById(project.projectId); + if (foundProject !== null) projects.push(foundProject); + } return projects.map(project => projectMapper(project)); };
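Review bot: The new `Member.find` in listProjects copies the `userId || ""` fallback, so a call without a user id still queries memberships for the encrypted empty string instead of failing closed. Whether such records can exist is not visible from this hunk, but an early `if (!userId) return [];` at the top of the function removes the question. Separately, the loop issues one awaited `Project.findById` per membership; a single `Project.find({ _id: { $in: memberProjects.map(m => m.projectId) } })` returns the same documents in one round trip. The loop variable is a membership record rather than a project, so `for (const membership of memberProjects)` would read more accurately than `let project`.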