Merge pull request #1982 from jng34/userPermissionFixProjectMembers

userPermissionFixProjectMembers

Author: trillium

backend/controllers/user.controller.js

@@ -22,6 +22,7 @@ UserController.user_list = async function (req, res) {
     const user = await User.find(query);
     return res.status(200).send(user);
   } catch (err) {
+    console.log(err);
     return res.sendStatus(400);
   }
 };
@@ -38,12 +39,12 @@ UserController.admin_list = async function (req, res) {
     const admins = await User.find({ accessLevel: { $in: ['admin', 'superadmin'] } });
     return res.status(200).send(admins);
   } catch (err) {
+    console.log(err);
     return res.sendStatus(400);
   }
 };
 
-// Get list of Users with accessLevel 'admin' or 'superadmin' and also managed projects with GET
-UserController.projectLead_list = async function (req, res) {
+UserController.projectManager_list = async function (req, res) {
   const { headers } = req;
 
   if (headers['x-customrequired-header'] !== expectedHeader) {
@@ -58,27 +59,28 @@ UserController.projectLead_list = async function (req, res) {
       ],
     });
 
-    const updatedProjectManagers = [];
+    // Collect all unique project IDs
+    const allProjectIds = [...new Set(projectManagers.flatMap((pm) => pm.managedProjects))];
 
-    for (const projectManager of projectManagers) {
-      const projectManagerObj = projectManager.toObject();
-      projectManagerObj.isProjectLead = true;
-      const projectNames = [];
+    // Fetch all projects in one query
+    const projects = await Project.find({ _id: { $in: allProjectIds } });
+    const projectIdToName = {};
+    for (const project of projects) {
+      projectIdToName[project._id.toString()] = project.name;
+    }
 
-      for (const projectId of projectManagerObj.managedProjects) {
-        const projectDetail = await Project.findById(projectId);
-        if (projectDetail && projectDetail.name) {
-          projectNames.push(projectDetail.name);
-        } else {
-          console.warn('Project detail is null, cannot access name');
-        }
-      }
-      projectManagerObj.managedProjectNames = projectNames;
+    const updatedProjectManagers = projectManagers.map((pm) => {
+      const pmObj = pm.toObject();
+      pmObj.isProjectLead = true;
+      pmObj.managedProjectNames = (pmObj.managedProjects || [])
+        .map((pid) => projectIdToName[pid.toString()] || null)
+        .filter(Boolean);
+      return pmObj;
+    });
 
-      updatedProjectManagers.push(projectManagerObj);
-    }
     return res.status(200).send(updatedProjectManagers);
   } catch (err) {
+    console.log(err);
     return res.sendStatus(400);
   }
 };
@@ -98,6 +100,7 @@ UserController.user_by_id = async function (req, res) {
     // and look downstream to see whether 404 would break anything
     return res.status(200).send(user);
   } catch (err) {
+    console.log(err);
     return res.sendStatus(400);
   }
 };
@@ -141,6 +144,7 @@ UserController.update = async function (req, res) {
     const user = await User.findOneAndUpdate({ _id: UserId }, req.body, { new: true });
     return res.status(200).send(user);
   } catch (err) {
+    console.log(err);
     return res.sendStatus(400);
   }
 };
@@ -158,6 +162,7 @@ UserController.delete = async function (req, res) {
     const user = await User.findByIdAndDelete(UserId);
     return res.status(200).send(user);
   } catch (err) {
+    console.log(err);
     return res.sendStatus(400);
   }
 };
@@ -227,7 +232,7 @@ UserController.signin = function (req, res) {
 };
 
 UserController.verifySignIn = async function (req, res) {
-  // eslint-disable-next-line dot-notation
+   
   let token = req.headers['x-access-token'] || req.headers['authorization'];
   if (token.startsWith('Bearer ')) {
     // Remove Bearer from string
@@ -240,6 +245,7 @@ UserController.verifySignIn = async function (req, res) {
     res.cookie('token', token, { httpOnly: true });
     return res.send(user);
   } catch (err) {
+    console.log(err);
     return res.status(403);
   }
 };

backend/routers/users.router.js

@@ -8,7 +8,7 @@ router.get('/', UserController.user_list);
 
 router.get('/admins', UserController.admin_list);
 
-router.get('/projectManagers', UserController.projectLead_list);
+router.get('/projectManagers', UserController.projectManager_list);
 
 router.post('/', UserController.create);