fix(organization): retrict user field select query (#502)

Author: douglasduteil

packages/~/users/repository/src/get_users_by_organization_id.test.ts

@@ -0,0 +1,62 @@
+//
+
+import {
+  create_pink_diamond_user,
+  create_red_diamond_user,
+  create_unicorn_organization,
+} from "@~/moncomptepro.database/seed/unicorn";
+import {
+  add_user_to_organization,
+  empty_database,
+  migrate,
+  pg,
+} from "@~/moncomptepro.database/testing";
+import { beforeAll, beforeEach, expect, test } from "bun:test";
+import { get_users_by_organization_id } from "./get_users_by_organization_id";
+
+//
+
+beforeAll(migrate);
+beforeEach(empty_database);
+
+test("returns pink diamond", async () => {
+  const unicorn_organization_id = await create_unicorn_organization(pg);
+  const pink_diamond_user_id = await create_pink_diamond_user(pg);
+  await add_user_to_organization({
+    organization_id: unicorn_organization_id,
+    user_id: pink_diamond_user_id,
+  });
+  const red_diamond_user_id = await create_red_diamond_user(pg);
+  await add_user_to_organization({
+    organization_id: unicorn_organization_id,
+    user_id: red_diamond_user_id,
+  });
+
+  const emails = await get_users_by_organization_id(pg, {
+    organization_id: unicorn_organization_id,
+  });
+
+  expect(emails).toEqual({
+    count: 2,
+    users: [
+      {
+        email: "red.diamond@unicorn.xyz",
+        family_name: "Diamond",
+        given_name: "Red",
+        id: red_diamond_user_id,
+        job: null,
+        verification_type: null,
+        is_external: false,
+      },
+      {
+        email: "pink.diamond@unicorn.xyz",
+        family_name: "Diamond",
+        given_name: "Pink",
+        id: pink_diamond_user_id,
+        job: null,
+        verification_type: null,
+        is_external: false,
+      },
+    ],
+  });
+});

packages/~/users/repository/src/get_users_by_organization_id.ts

@@ -21,7 +21,15 @@ export async function get_users_by_organization_id(
 
   const { users, count } = await pg.transaction(async (pg_t) => {
     const users = await pg_t
-      .select()
+      .select({
+        email: schema.users.email,
+        family_name: schema.users.family_name,
+        given_name: schema.users.given_name,
+        id: schema.users.id,
+        is_external: schema.users_organizations.is_external,
+        job: schema.users.job,
+        verification_type: schema.users_organizations.verification_type,
+      })
       .from(schema.users)
       .innerJoin(
         schema.users_organizations,
@@ -43,13 +51,7 @@ export async function get_users_by_organization_id(
     return { users, count };
   });
 
-  const users_with_external = users.map((user) => ({
-    ...user.users,
-    is_external: user.users_organizations.is_external,
-    verification_type: user.users_organizations.verification_type,
-  }));
-
-  return { users: users_with_external, count };
+  return { users, count };
 }
 
 export type get_users_by_organization_id_dto = ReturnType<