Projects view by user

water-api/src/services/concentrator.service.ts

@@ -68,11 +68,13 @@ export interface PaginatedResult<T> {
  * Get all concentrators with optional filters and pagination
  * @param filters - Optional filter criteria
  * @param pagination - Optional pagination options
+ * @param requestingUser - User making the request (for role-based filtering)
  * @returns Paginated list of concentrators
  */
 export async function getAll(
   filters?: ConcentratorFilters,
-  pagination?: PaginationOptions
+  pagination?: PaginationOptions,
+  requestingUser?: { roleName: string; projectId?: string | null }
 ): Promise<PaginatedResult<Concentrator>> {
   const page = pagination?.page || 1;
   const limit = pagination?.limit || 10;
@@ -85,7 +87,15 @@ export async function getAll(
   const params: unknown[] = [];
   let paramIndex = 1;
 
-  if (filters?.project_id) {
+  // Role-based filtering: OPERATOR users can only see their assigned project
+  if (requestingUser && requestingUser.roleName !== 'ADMIN' && requestingUser.projectId) {
+    conditions.push(`project_id = $${paramIndex}`);
+    params.push(requestingUser.projectId);
+    paramIndex++;
+  }
+
+  // Additional filter by project_id (only applies if user is ADMIN or no user context)
+  if (filters?.project_id && (!requestingUser || requestingUser.roleName === 'ADMIN')) {
     conditions.push(`project_id = $${paramIndex}`);
     params.push(filters.project_id);
     paramIndex++;