add user-project relation and role-based filtering

2026-02-02 01:14:57 -06:00
parent 01aadcf2f3
commit 1d278936b1
5 changed files with 47 additions and 2 deletions
--- a/water-api/src/middleware/auth.middleware.ts
+++ b/water-api/src/middleware/auth.middleware.ts
@@ -41,6 +41,7 @@ export function authenticateToken(
      email: (decoded as any).email,
      roleId: (decoded as any).roleId || (decoded as any).role,
      roleName: (decoded as any).roleName || (decoded as any).role,
+      projectId: (decoded as any).projectId,
    };

    next();
--- a/water-api/src/services/auth.service.ts
+++ b/water-api/src/services/auth.service.ts
@@ -55,9 +55,10 @@ export async function login(
    password_hash: string;
    avatar_url: string | null;
    role_name: string;
+    project_id: string | null;
    created_at: Date;
  }>(
-    `SELECT u.id, u.email, u.name, u.password_hash, u.avatar_url, r.name as role_name, u.created_at
+    `SELECT u.id, u.email, u.name, u.password_hash, u.avatar_url, r.name as role_name, u.project_id, u.created_at
     FROM users u
     JOIN roles r ON u.role_id = r.id
     WHERE LOWER(u.email) = LOWER($1) AND u.is_active = true
@@ -83,6 +84,7 @@ export async function login(
    email: user.email,
    roleId: user.id,
    roleName: user.role_name,
+    projectId: user.project_id,
  });

  const refreshToken = generateRefreshToken({
@@ -170,8 +172,9 @@ export async function refresh(refreshToken: string): Promise<{ accessToken: stri
    id: string;
    email: string;
    role_name: string;
+    project_id: string | null;
  }>(
-    `SELECT u.id, u.email, r.name as role_name
+    `SELECT u.id, u.email, r.name as role_name, u.project_id
     FROM users u
     JOIN roles r ON u.role_id = r.id
     WHERE u.id = $1 AND u.is_active = true
@@ -190,6 +193,7 @@ export async function refresh(refreshToken: string): Promise<{ accessToken: stri
    email: user.email,
    roleId: user.id,
    roleName: user.role_name,
+    projectId: user.project_id,
  });

  return { accessToken };
--- a/water-api/src/types/index.ts
+++ b/water-api/src/types/index.ts
@@ -30,6 +30,7 @@ export interface User {
  avatar_url: string | null;
  role_id: string;
  role?: Role;
+  project_id: string | null;
  is_active: boolean;
  last_login: Date | null;
  created_at: Date;
@@ -43,6 +44,7 @@ export interface UserPublic {
  avatar_url: string | null;
  role_id: string;
  role?: Role;
+  project_id: string | null;
  is_active: boolean;
  last_login: Date | null;
  created_at: Date;
@@ -54,6 +56,7 @@ export interface JwtPayload {
  email: string;
  roleId: string;
  roleName: string;
+  projectId?: string | null;
  iat?: number;
  exp?: number;
 }
--- a/water-api/src/validators/user.validator.ts
+++ b/water-api/src/validators/user.validator.ts
@@ -30,6 +30,11 @@ export const createUserSchema = z.object({
  role_id: z
    .string({ required_error: 'Role ID is required' })
    .uuid('Role ID must be a valid UUID'),
+  project_id: z
+    .string()
+    .uuid('Project ID must be a valid UUID')
+    .nullable()
+    .optional(),
  is_active: z.boolean().default(true),
 });

@@ -58,6 +63,11 @@ export const updateUserSchema = z.object({
    .string()
    .uuid('Role ID must be a valid UUID')
    .optional(),
+  project_id: z
+    .string()
+    .uuid('Project ID must be a valid UUID')
+    .nullable()
+    .optional(),
  is_active: z.boolean().optional(),
 });