fix(api): refine project access control logic for user roles

ryanlong requested to merge project_access_control_fix into main

Created by: deepakduggirala

Description

Check if current user is under user role.

Previous:

req.user.roles.includes('user')

Current:

!(req.user.roles.includes('operator') || req.user.roles.includes('admin'))

This prevents cases where a user with multiple roles (user, operator) or (user, operator, admin) gets treated as having the user role.

We should revisit role design in our application, and should probably make a user possess a single role, rather than multiple.

Related Issue(s)

Changes Made

  • Feature added
  • Bug fixed
  • Code refactored
  • Tests changed
  • Documentation updated
  • Other changes: [describe]

Checklist

Before submitting this PR, please make sure that:

  • Your code passes linting and coding style checks.
  • Documentation has been updated to reflect the changes.
  • You have reviewed your own code and resolved any merge conflicts.
  • You have requested a review from at least one team member.
  • Any relevant issue(s) have been linked to this PR.
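
The two predicates quoted in the description, run side by side over constructed role lists. This is an added example, not code from the merge request or the project. The `effectiveRole` helper, the precedence order and the `auditor` role are assumptions made for illustration.

```javascript
// Added example: role lists below are constructed, not taken from the project.

// Assumed precedence, highest privilege first.
const PRECEDENCE = ['admin', 'operator', 'user'];

// Predicate from the "Previous" line of the description.
function isUserRolePrevious(roles) {
  return roles.includes('user');
}

// Predicate from the "Current" line of the description.
function isUserRoleCurrent(roles) {
  return !(roles.includes('operator') || roles.includes('admin'));
}

// Hypothetical helper: collapse a role list to one effective role,
// which is the direction the description suggests for a later redesign.
// Returns null when the list holds no recognised role.
function effectiveRole(roles) {
  return PRECEDENCE.find((r) => roles.includes(r)) ?? null;
}

// Evaluate every predicate for each role list so the differences are visible.
function compare(roleSets) {
  return roleSets.map((roles) => ({
    roles: roles.join(',') || '(none)',
    previous: isUserRolePrevious(roles),
    current: isUserRoleCurrent(roles),
    effective: effectiveRole(roles),
  }));
}

// Constructed inputs: the multi-role cases named in the description,
// plus an empty list and an unrecognised role as edge cases.
const SAMPLE = [
  ['user'],
  ['user', 'operator'],
  ['user', 'operator', 'admin'],
  ['admin'],
  [],
  ['auditor'],
];

console.table(compare(SAMPLE));
```

The last two rows differ from the previous behaviour in a second way: an empty or unrecognised role list now counts as the user role, so a test for those inputs is worth adding alongside the multi-role cases.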
