fix: trips admin shows only users with trips.record permission
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@@ -127,7 +127,7 @@ export default function TripsAdmin() {
|
|||||||
try {
|
try {
|
||||||
const [vRes, uRes, csRes] = await Promise.all([
|
const [vRes, uRes, csRes] = await Promise.all([
|
||||||
apiFetch(`${API_BASE}/vehicles`),
|
apiFetch(`${API_BASE}/vehicles`),
|
||||||
apiFetch(`${API_BASE}/users?limit=1000`),
|
apiFetch(`${API_BASE}/trips/users`),
|
||||||
apiFetch(`${API_BASE}/company-settings`),
|
apiFetch(`${API_BASE}/company-settings`),
|
||||||
]);
|
]);
|
||||||
const vJson = await vRes.json();
|
const vJson = await vRes.json();
|
||||||
@@ -136,14 +136,7 @@ export default function TripsAdmin() {
|
|||||||
if (vJson.success) setVehicles(vJson.data);
|
if (vJson.success) setVehicles(vJson.data);
|
||||||
if (csJson.success) setCompanyName(csJson.data.company_name || "");
|
if (csJson.success) setCompanyName(csJson.data.company_name || "");
|
||||||
if (uJson.success) {
|
if (uJson.success) {
|
||||||
setUsers(
|
setUsers(uJson.data);
|
||||||
uJson.data.map(
|
|
||||||
(u: { id: number; first_name: string; last_name: string }) => ({
|
|
||||||
id: u.id,
|
|
||||||
name: `${u.first_name} ${u.last_name}`,
|
|
||||||
}),
|
|
||||||
),
|
|
||||||
);
|
|
||||||
}
|
}
|
||||||
} catch {
|
} catch {
|
||||||
// silently fail, filters will just be empty
|
// silently fail, filters will just be empty
|
||||||
|
|||||||
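Review bot: `setUsers(uJson.data)` in the second hunk now stores the response body in state as-is, whereas the removed mapping at least declared the fields it read (`id`, `first_name`, `last_name`). A short comment at that line, for example `// /trips/users already returns { id, name } for users allowed to record trips`, would keep the contract with the new endpoint visible at the call site. The enclosing `try`/`catch` starts and ends outside these hunks. Its empty `catch` ("silently fail") may now also hide an authentication or permission failure from `/trips/users`, which would then look the same as an empty user list; whether `apiFetch` throws on such responses is not visible here. Logging the error in that branch would make the two cases distinguishable.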
@@ -66,6 +66,45 @@ export default async function tripsRoutes(
|
|||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
|
// GET /api/admin/trips/users — users with trips.record permission
|
||||||
|
fastify.get(
|
||||||
|
"/users",
|
||||||
|
{ preHandler: requireAuth },
|
||||||
|
async (_request, reply) => {
|
||||||
|
const users = await prisma.users.findMany({
|
||||||
|
where: {
|
||||||
|
is_active: true,
|
||||||
|
roles: {
|
||||||
|
is: {
|
||||||
|
OR: [
|
||||||
|
{ name: "admin" },
|
||||||
|
{
|
||||||
|
role_permissions: {
|
||||||
|
some: { permissions: { name: "trips.record" } },
|
||||||
|
},
|
||||||
|
},
|
||||||
|
],
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
select: {
|
||||||
|
id: true,
|
||||||
|
first_name: true,
|
||||||
|
last_name: true,
|
||||||
|
username: true,
|
||||||
|
},
|
||||||
|
orderBy: { last_name: "asc" },
|
||||||
|
});
|
||||||
|
return success(
|
||||||
|
reply,
|
||||||
|
users.map((u) => ({
|
||||||
|
id: u.id,
|
||||||
|
name: `${u.first_name} ${u.last_name}`.trim() || u.username,
|
||||||
|
})),
|
||||||
|
);
|
||||||
|
},
|
||||||
|
);
|
||||||
|
|
||||||
// GET /api/admin/trips/print — print data for trip report
|
// GET /api/admin/trips/print — print data for trip report
|
||||||
fastify.get(
|
fastify.get(
|
||||||
"/print",
|
"/print",
|
||||||
|
|||||||
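Review bot: The new `/users` route is guarded only by `{ preHandler: requireAuth }`, so any signed-in account can list the ids and names of every active user who holds `trips.record` or the `admin` role, even though the path sits under `/api/admin/trips`. The other handlers of `tripsRoutes` are outside this hunk, so it is not visible whether they add a permission check; if they do, this route should carry the same one instead of authentication alone. The `|| u.username` fallback in the `users.map` callback also returns the login name for accounts with empty first and last names, which exposes a sign-in identifier where a display name was expected. A one-line comment above the `OR` clause saying why `{ name: "admin" }` is matched by role name rather than through `role_permissions` would help the next reader, and `findMany` has no `take`, so the response size grows with the user table.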