bam/my2
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
3dc60cdf6a0ccb0d39707e6d4bd95a199e1ae4b4
my2/server/api/products/index.get.ts
Bastian Masanek f9125e744b Implement Role Management Features and UI Enhancements 
- Introduced a new composable `useActiveRole` for managing user roles, including fetching role status and switching roles with server validation.
- Updated `RoleSwitcher.vue` to utilize the new composable, enhancing role selection with improved error handling and UI feedback.
- Added new API endpoints for role management, including fetching user role status and switching active roles.
- Enhanced product visibility logic to filter based on the user's active role, ensuring a tailored experience.
- Updated database schema to support last active role tracking for users, improving session management.
- Refined UI components across the application to reflect role-based changes and improve user experience.
2025-11-05 01:04:26 +01:00

74 lines
2.3 KiB
TypeScript
Raw Blame History

/**
* GET /api/products
*
* Returns a list of products visible to the current user based on their active role.
*
* Role-based Visibility (MVP):
* - Unauthenticated users: See NO products (empty array)
* - Authenticated users: See products assigned to their ACTIVE role only
* - Products WITHOUT role assignments: NOT visible (opt-in visibility)
*
* Query Parameters:
* - category: Filter by category (optional, comma-separated for multiple)
*
* Phase 2/3: This will be extended with role request/approval workflow
*/
import { eq, and, inArray } from 'drizzle-orm'
import { products } from '../../database/schema'
import { getVisibleProductIdsForRole } from '../../utils/roles'
import { getUserActiveRole } from '../../utils/role-session'
export default defineEventHandler(async (event) => {
const db = useDatabase()
const query = getQuery(event)
const categoryParam = query.category as string | undefined
try {
// Get user session (if authenticated)
const { user } = await getUserSession(event)
// MVP: Unauthenticated users cannot see any products
if (!user) {
return []
}
// Get user's active role (validates with TTL, auto-fallback if revoked)
const activeRole = await getUserActiveRole(event)
// Get product IDs visible for the active role only
const visibleProductIds = await getVisibleProductIdsForRole(user.id, activeRole)
// If user has no access to products in their active role
if (visibleProductIds.length === 0) {
return []
}
// Build where conditions
const conditions = [
eq(products.active, true),
inArray(products.id, visibleProductIds), // Role-based filtering
]
// Filter by category if provided
if (categoryParam) {
const categories = categoryParam.split(',').map((c) => c.trim())
conditions.push(inArray(products.category, categories))
}
// Fetch products with filters
const visibleProducts = await db.query.products.findMany({
where: and(...conditions),
orderBy: (products, { asc }) => [asc(products.category), asc(products.name)],
})
return visibleProducts
} catch (error) {
console.error('Error fetching products:', error)
throw createError({
statusCode: 500,
statusMessage: 'Failed to fetch products',
})
}
})
Reference in New Issue View Git Blame Copy Permalink