widget leantime refactor
parent
2bb252e1c3
commit
11ee1fb3a4
@ -23,6 +23,38 @@ interface TwentyTask {
|
||||
};
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if user has the mediation role
|
||||
* Uses the same normalization logic as the sidebar component
|
||||
*/
|
||||
function hasMediationRole(userRole: string | string[] | undefined): boolean {
|
||||
if (!userRole) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Get user roles and normalize them properly
|
||||
const userRoles = Array.isArray(userRole) ? userRole : [userRole];
|
||||
|
||||
// Filter out technical/system roles that shouldn't count for permissions
|
||||
const ignoredRoles = ['offline_access', 'uma_authorization', 'default-roles-cercle'];
|
||||
|
||||
const cleanUserRoles = userRoles
|
||||
.filter(Boolean) // Remove any null/undefined values
|
||||
.filter(role => !ignoredRoles.includes(String(role))) // Filter out system roles
|
||||
.map(role => {
|
||||
if (typeof role !== 'string') return '';
|
||||
return role
|
||||
.replace(/^\//, '') // Remove leading slash
|
||||
.replace(/^ROLE_/i, '') // Remove ROLE_ prefix, case insensitive
|
||||
.replace(/^default-roles-[^/]*\//i, '') // Remove realm prefix like default-roles-cercle/
|
||||
.toLowerCase();
|
||||
})
|
||||
.filter(role => role !== ''); // Remove empty strings
|
||||
|
||||
// Check if user has mediation role
|
||||
return cleanUserRoles.includes('mediation');
|
||||
}
|
||||
|
||||
/**
|
||||
* Get Twenty CRM workspace member ID by email
|
||||
*/
|
||||
@ -402,6 +434,15 @@ export async function GET(request: NextRequest) {
|
||||
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
|
||||
}
|
||||
|
||||
// Check if user has mediation role (same as Médiation page access)
|
||||
if (!hasMediationRole(session.user.role)) {
|
||||
logger.debug('[TWENTY_CRM_TASKS] User does not have mediation role, skipping Twenty CRM API call', {
|
||||
emailHash: Buffer.from(session.user.email.toLowerCase()).toString('base64').slice(0, 12),
|
||||
roles: session.user.role,
|
||||
});
|
||||
return NextResponse.json([]);
|
||||
}
|
||||
|
||||
// Check for force refresh parameter
|
||||
const url = new URL(request.url);
|
||||
const forceRefresh = url.searchParams.get('refresh') === 'true';
|
||||
|
||||
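Review bot: The `emailHash` field in the new debug log in GET is not a hash: `Buffer.from(...).toString('base64').slice(0, 12)` is a reversible encoding, and 12 base64 characters decode to the first 9 bytes of the user's lowercased email address, so the log stores part of the address under a name that suggests otherwise. A one-way digest would match the field name, e.g. `emailHash: createHash('sha256').update(session.user.email.toLowerCase()).digest('hex').slice(0, 12),` with `createHash` imported from `node:crypto` (the import block is not visible on this page; a keyed HMAC is the stronger choice if log readers must not be able to confirm a guessed address). Separately, `hasMediationRole` is by its own comment a copy of the sidebar's role normalization; since it now gates an API route, a single shared helper would keep the server check and the UI from drifting apart. The body of GET continues outside the hunk.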