From 3a3d3d014d9a57312c794afd62a940b43f437cfc Mon Sep 17 00:00:00 2001
From: Joao Correia <joao.correia@ecrop.dev>
Date: Sat, 8 Feb 2025 19:23:42 +0000
Subject: [PATCH] filter workflows user can see based on entities

---
 src/hooks/useApprovalWorkflows.tsx        |  4 ++--
 src/pages/api/approval-workflows/index.ts |  8 ++++++--
 src/pages/approval-workflows/index.tsx    | 13 +++++++------
 src/utils/approval.workflows.be.ts        | 17 ++++++++++++-----
 4 files changed, 27 insertions(+), 15 deletions(-)

diff --git a/src/hooks/useApprovalWorkflows.tsx b/src/hooks/useApprovalWorkflows.tsx
index 1b950c2f..7bfec920 100644
--- a/src/hooks/useApprovalWorkflows.tsx
+++ b/src/hooks/useApprovalWorkflows.tsx
@@ -2,7 +2,7 @@ import { ApprovalWorkflow } from "@/interfaces/approval.workflow";
 import axios from "axios";
 import { useCallback, useEffect, useState } from "react";
 
-export default function useApprovalWorkflows() {
+export default function useApprovalWorkflows(entitiesString?: string) {
   const [workflows, setWorkflows] = useState<ApprovalWorkflow[]>([]);
   const [isLoading, setIsLoading] = useState(false);
   const [isError, setIsError] = useState(false);
@@ -10,7 +10,7 @@ export default function useApprovalWorkflows() {
   const getData = useCallback(() => {
     setIsLoading(true);
     axios
-      .get<ApprovalWorkflow[]>(`/api/approval-workflows`)
+      .get<ApprovalWorkflow[]>(`/api/approval-workflows`, {params: { entityIds: entitiesString }})
       .then((response) => setWorkflows(response.data))
       .catch((error) => {
         setIsError(true);
diff --git a/src/pages/api/approval-workflows/index.ts b/src/pages/api/approval-workflows/index.ts
index ff381a5e..a2cd2ea4 100644
--- a/src/pages/api/approval-workflows/index.ts
+++ b/src/pages/api/approval-workflows/index.ts
@@ -19,5 +19,9 @@ async function get(req: NextApiRequest, res: NextApiResponse) {
         return res.status(403).json({ ok: false });
     }
 
-    return res.status(200).json(await getApprovalWorkflows("active-workflows"));
-}
\ No newline at end of file
+    const entityIdsString = req.query.entityIds as string;
+
+    const entityIdsArray = entityIdsString.split(",");
+
+    return res.status(200).json(await getApprovalWorkflows("active-workflows", entityIdsArray));
+}
diff --git a/src/pages/approval-workflows/index.tsx b/src/pages/approval-workflows/index.tsx
index a33d2967..58d4e54e 100644
--- a/src/pages/approval-workflows/index.tsx
+++ b/src/pages/approval-workflows/index.tsx
@@ -69,7 +69,11 @@ export const getServerSideProps = withIronSessionSsr(async ({ req, res }) => {
 
 	if (shouldRedirectHome(user) || !["admin", "developer", "teacher", "corporate", "mastercorporate"].includes(user.type)) return redirect("/");
 
-	const workflows = await getApprovalWorkflows("active-workflows");
+	const entityIDS = mapBy(user.entities, "id");
+	const entities = await getEntitiesWithRoles(isAdmin(user) ? undefined : entityIDS);
+	const allowedEntities = findAllowedEntities(user, entities, "view_workflows");
+
+	const workflows = await getApprovalWorkflows("active-workflows", allowedEntities.map(entity => entity.id));
 
 	const allAssigneeIds: string[] = [
 		...new Set(
@@ -81,10 +85,6 @@ export const getServerSideProps = withIronSessionSsr(async ({ req, res }) => {
 		)
 	];
 
-	const entityIDS = mapBy(user.entities, "id");
-	const entities = await getEntitiesWithRoles(isAdmin(user) ? undefined : entityIDS);
-	const allowedEntities = findAllowedEntities(user, entities, "view_workflows");
-
 	return {
 		props: serialize({
 			user,
@@ -103,7 +103,8 @@ interface Props {
 }
 
 export default function ApprovalWorkflows({ user, initialWorkflows, workflowsAssignees, userEntitiesWithLabel }: Props) {
-	const { workflows, reload } = useApprovalWorkflows();
+	const entitiesString = userEntitiesWithLabel.map(entity => entity.id).join(",");
+	const { workflows, reload } = useApprovalWorkflows(entitiesString);
 	const currentWorkflows = workflows || initialWorkflows;
 
 	const [filteredWorkflows, setFilteredWorkflows] = useState<ApprovalWorkflow[]>([]);
diff --git a/src/utils/approval.workflows.be.ts b/src/utils/approval.workflows.be.ts
index 1b32bfb8..9998a06e 100644
--- a/src/utils/approval.workflows.be.ts
+++ b/src/utils/approval.workflows.be.ts
@@ -4,11 +4,18 @@ import { ObjectId } from "mongodb";
 
 const db = client.db(process.env.MONGODB_DB);
 
-export const getApprovalWorkflows = async (collection: string, ids?: string[]) => {
-    return await db
-        .collection<ApprovalWorkflow>(collection)
-        .find(ids ? { _id: { $in: ids.map((id) => new ObjectId(id)) } } : {})
-        .toArray();
+export const getApprovalWorkflows = async (collection: string, entityIds?: string[], ids?: string[]) => {
+    const filters: any = {};
+
+    if (ids && ids.length > 0) {
+        filters.id = { $in: ids };
+    }
+
+    if (entityIds && entityIds.length > 0) {
+        filters.entityId = { $in: entityIds };
+    }
+
+    return await db.collection<ApprovalWorkflow>(collection).find(filters).toArray();
 };
 
 export const getApprovalWorkflow = async (collection: string, id: string) => {