From b4a126280fb17f7f54aaf544954750923972424c Mon Sep 17 00:00:00 2001 From: Thomas Kaul <4159106+dtslvr@users.noreply.github.com> Date: Sat, 10 Jun 2023 12:19:34 +0200 Subject: [PATCH] Bugfix/fix public page (#2065) * Check for user in request because of public page * Update changelog --- CHANGELOG.md | 1 + .../impersonation/impersonation.service.ts | 42 ++++++++++++------- 2 files changed, 29 insertions(+), 14 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a1a6f29fd..10ab094f5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,6 +18,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Fixed - Fixed an issue with the value nullification related to the investment streaks +- Fixed an issue in the public page related to the impersonation service ## 1.278.0 - 2023-06-09 diff --git a/apps/api/src/services/impersonation/impersonation.service.ts b/apps/api/src/services/impersonation/impersonation.service.ts index 3aace0788..e678356cb 100644 --- a/apps/api/src/services/impersonation/impersonation.service.ts +++ b/apps/api/src/services/impersonation/impersonation.service.ts @@ -12,22 +12,36 @@ export class ImpersonationService { ) {} public async validateImpersonationId(aId = '') { - const accessObject = await this.prismaService.access.findFirst({ - where: { - GranteeUser: { id: this.request.user.id }, - id: aId + if (this.request.user) { + const accessObject = await this.prismaService.access.findFirst({ + where: { + GranteeUser: { id: this.request.user.id }, + id: aId + } + }); + + if (accessObject?.userId) { + return accessObject.userId; + } else if ( + hasPermission( + this.request.user.permissions, + permissions.impersonateAllUsers + ) + ) { + return aId; } - }); + } else { + // Public access + const accessObject = await this.prismaService.access.findFirst({ + where: { + GranteeUser: null, + User: { id: aId } + } + }); - if (accessObject?.userId) { - return accessObject?.userId; - } else if ( - hasPermission( - this.request.user.permissions, - permissions.impersonateAllUsers - ) - ) { - return aId; + if (accessObject?.userId) { + return accessObject.userId; + } } return null;