From 11ee1fb3a41fa3831b3411a8039d879c15c31f41 Mon Sep 17 00:00:00 2001
From: alma
Date: Thu, 15 Jan 2026 23:19:34 +0100
Subject: [PATCH] widget leantime refactor
---
 app/api/twenty-crm/tasks/route.ts | 41 +++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
diff --git a/app/api/twenty-crm/tasks/route.ts b/app/api/twenty-crm/tasks/route.ts
index 4f37686..9cc7f2c 100644
--- a/app/api/twenty-crm/tasks/route.ts
+++ b/app/api/twenty-crm/tasks/route.ts
@@ -23,6 +23,38 @@ interface TwentyTask {
 };
 }
+/**
+ * Check if user has the mediation role
+ * Uses the same normalization logic as the sidebar component
+ */
+function hasMediationRole(userRole: string | string[] | undefined): boolean {
+ if (!userRole) {
+ return false;
+ }
+
+ // Get user roles and normalize them properly
+ const userRoles = Array.isArray(userRole) ? userRole : [userRole];
+
+ // Filter out technical/system roles that shouldn't count for permissions
+ const ignoredRoles = ['offline_access', 'uma_authorization', 'default-roles-cercle'];
+
+ const cleanUserRoles = userRoles
+ .filter(Boolean) // Remove any null/undefined values
+ .filter(role => !ignoredRoles.includes(String(role))) // Filter out system roles
+ .map(role => {
+ if (typeof role !== 'string') return '';
+ return role
+ .replace(/^\//, '') // Remove leading slash
+ .replace(/^ROLE_/i, '') // Remove ROLE_ prefix, case insensitive
+ .replace(/^default-roles-[^/]*\//i, '') // Remove realm prefix like default-roles-cercle/
+ .toLowerCase();
+ })
+ .filter(role => role !== ''); // Remove empty strings
+
+ // Check if user has mediation role
+ return cleanUserRoles.includes('mediation');
+}
+ /**
+ * Get Twenty CRM workspace member ID by email
+ */
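Review bot: The normalization in hasMediationRole is a second copy of the authorization rule that its own doc comment says lives in the sidebar component, so the UI gate and this API gate can drift silently the next time a prefix or ignored role changes; move the slash/ROLE_/realm-prefix stripping into one shared helper (for example an exported `normalizeRoles(userRole): string[]`) that both call, and let this function reduce to `return normalizeRoles(userRole).includes('mediation');`. As written, the `ignoredRoles` filter has no effect on the return value, since none of those three strings can normalize to `'mediation'`; it only earns its place once the helper is shared with code that enumerates roles. Note also that the ignore check runs on the raw value before the prefixes are stripped, so variants such as `/offline_access` or `ROLE_offline_access` slip past it — harmless for this boolean, but worth fixing in a shared helper by filtering after normalization. The function is fully contained in the hunk.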
@@ -402,6 +434,15 @@ export async function GET(request: NextRequest) {
 return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
 }
+ // Check if user has mediation role (same as Médiation page access)
+ if (!hasMediationRole(session.user.role)) {
+ logger.debug('[TWENTY_CRM_TASKS] User does not have mediation role, skipping Twenty CRM API call', {
+ emailHash: Buffer.from(session.user.email.toLowerCase()).toString('base64').slice(0, 12),
+ roles: session.user.role,
+ });
+ return NextResponse.json([]);
+ }
+
+ // Check for force refresh parameter
 const url = new URL(request.url);
 const forceRefresh = url.searchParams.get('refresh') === 'true';
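Review bot: The `emailHash` field on the logger.debug line is not a hash: `Buffer.from(...).toString('base64').slice(0, 12)` is the base64 encoding of the first nine bytes of the lowercased e-mail, which anyone with log access can decode back to the address prefix, so the field name promises a pseudonymisation the value does not deliver. Use a real digest, e.g. `emailHash: createHash('sha256').update(session.user.email.toLowerCase()).digest('hex').slice(0, 12)` with `createHash` imported from `node:crypto` at the top of the file; that keeps a short correlatable token without exposing the address, and `roles: session.user.role` putting the full role list into the debug log should likewise be a deliberate choice. Returning `NextResponse.json([])` with a 200 for users lacking the role looks intentional for the widget (the log message says "skipping"), but it hides the authorization outcome from callers and monitoring; if that is the intended contract, state it in the comment, otherwise a 403 is the clearer answer. GET starts and ends outside the hunk.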