Merge pull request #6203 from bcgov/chore/6168

junminahn · web-flow · commit cabd9247e136 · 2025-07-31T09:21:51.000-07:00
fix(6202): handle querying requests by requester IDs
diff --git a/app/services/db/models/private-cloud-request.ts b/app/services/db/models/private-cloud-request.ts
@@ -17,24 +17,11 @@ async function baseFilter(session: Session) {
   if (!session?.userId) return false;
   if (session.permissions.viewAllPrivateCloudProducts) return true;
 
-  const { data: products } = await privateCloudProductModel.list({ select: { licencePlate: true } }, session);
-  const licencePlates = products.map(({ licencePlate }) => licencePlate);
-
-  const requestIdsFromTasks = session.tasks
-    .filter(
-      (task) =>
-        ([TaskType.REVIEW_PRIVATE_CLOUD_REQUEST] as TaskType[]).includes(task.type) &&
-        task.status === TaskStatus.ASSIGNED,
-    )
-    .map((task) => (task.data as { requestId: string }).requestId);
-
   const filter: Prisma.PrivateCloudRequestWhereInput = {
     OR: [
-      { licencePlate: { in: licencePlates } },
-      { id: { in: getUniqueNonFalsyItems([...requestIdsFromTasks]) } },
       {
         type: RequestType.CREATE,
-        createdById: { equals: session.user.id, mode: 'insensitive' },
+        createdById: session.user.id,
       },
       {
         type: RequestType.CREATE,
@@ -51,6 +38,25 @@ async function baseFilter(session: Session) {
     ],
   };
 
+  const { data: products } = await privateCloudProductModel.list({ select: { licencePlate: true } }, session);
+  const requestIdsFromTasks = session.tasks
+    .filter(
+      (task) =>
+        ([TaskType.REVIEW_PRIVATE_CLOUD_REQUEST] as TaskType[]).includes(task.type) &&
+        task.status === TaskStatus.ASSIGNED,
+    )
+    .map((task) => (task.data as { requestId: string }).requestId);
+
+  const allowedLicencePlates = products.map(({ licencePlate }) => licencePlate);
+  if (allowedLicencePlates.length > 0) {
+    filter.OR?.push({ licencePlate: { in: allowedLicencePlates } });
+  }
+
+  const allowedIds = getUniqueNonFalsyItems([...requestIdsFromTasks]);
+  if (allowedIds.length > 0) {
+    filter.OR?.push({ id: { in: allowedIds } });
+  }
+
   return filter;
 }
 
diff --git a/app/services/db/models/public-cloud-request.ts b/app/services/db/models/public-cloud-request.ts
@@ -17,6 +17,31 @@ async function baseFilter(session: Session) {
   if (!session?.userId) return false;
   if (session.permissions.viewAllPublicCloudProducts) return true;
 
+  const filter: Prisma.PublicCloudRequestWhereInput = {
+    OR: [
+      {
+        type: RequestType.CREATE,
+        createdById: session.user.id,
+      },
+      {
+        type: RequestType.CREATE,
+        decisionData: { projectOwnerId: session.user.id },
+      },
+      {
+        type: RequestType.CREATE,
+        decisionData: { primaryTechnicalLeadId: session.user.id },
+      },
+      {
+        type: RequestType.CREATE,
+        decisionData: { secondaryTechnicalLeadId: session.user.id },
+      },
+      {
+        type: RequestType.CREATE,
+        decisionData: { expenseAuthorityId: session.user.id },
+      },
+    ],
+  };
+
   const { data: products } = await publicCloudProductModel.list({ select: { licencePlate: true } }, session);
   const licencePlates = products.map(({ licencePlate }) => licencePlate);
 
@@ -51,36 +76,20 @@ async function baseFilter(session: Session) {
 
   const licencePlatesAsEa = billingRecords.map((b) => b.licencePlate);
 
-  const filter: Prisma.PublicCloudRequestWhereInput = {
-    OR: [
-      {
-        licencePlate: {
-          in: getUniqueNonFalsyItems([...licencePlates, ...licencePlatesFromTasks, ...licencePlatesAsEa]),
-        },
-      },
-      { id: { in: getUniqueNonFalsyItems([...requestIdsFromTasks]) } },
-      {
-        type: RequestType.CREATE,
-        createdById: { equals: session.user.id, mode: 'insensitive' },
-      },
-      {
-        type: RequestType.CREATE,
-        decisionData: { projectOwnerId: session.user.id },
-      },
-      {
-        type: RequestType.CREATE,
-        decisionData: { primaryTechnicalLeadId: session.user.id },
-      },
-      {
-        type: RequestType.CREATE,
-        decisionData: { secondaryTechnicalLeadId: session.user.id },
-      },
-      {
-        type: RequestType.CREATE,
-        decisionData: { expenseAuthorityId: session.user.id },
-      },
-    ],
-  };
+  const allowedLicencePlates = getUniqueNonFalsyItems([
+    ...licencePlates,
+    ...licencePlatesFromTasks,
+    ...licencePlatesAsEa,
+  ]);
+
+  if (allowedLicencePlates.length > 0) {
+    filter.OR?.push({ licencePlate: { in: allowedLicencePlates } });
+  }
+
+  const allowedIds = getUniqueNonFalsyItems([...requestIdsFromTasks]);
+  if (allowedIds.length > 0) {
+    filter.OR?.push({ id: { in: allowedIds } });
+  }
 
   return filter;
 }
