diff --git a/entity_api/src/coaching_relationship.rs b/entity_api/src/coaching_relationship.rs index ef55368..5938dc2 100644 --- a/entity_api/src/coaching_relationship.rs +++ b/entity_api/src/coaching_relationship.rs @@ -63,6 +63,7 @@ pub async fn find_by_organization( pub async fn find_by_organization_with_user_names( db: &DatabaseConnection, organization_id: Id, + user_id: Id, ) -> Result, Error> { let coaches = Alias::new("coaches"); let coachees = Alias::new("coachees"); @@ -79,6 +80,11 @@ pub async fn find_by_organization_with_user_names( coachees::Relation::CoachingRelationships.def().rev(), coachees.clone(), ) + .filter( + Condition::any() + .add(coaching_relationships::Column::CoachId.eq(user_id)) + .add(coaching_relationships::Column::CoacheeId.eq(user_id)), + ) .select_only() .column(coaching_relationships::Column::Id) .column(coaching_relationships::Column::OrganizationId) @@ -271,14 +277,19 @@ mod tests { let db = MockDatabase::new(DatabaseBackend::Postgres).into_connection(); let organization_id = Id::new_v4(); - let _ = find_by_organization_with_user_names(&db, organization_id).await; + let user_id = Id::new_v4(); + let _ = find_by_organization_with_user_names(&db, organization_id, user_id).await; assert_eq!( db.into_transaction_log(), [Transaction::from_sql_and_values( DatabaseBackend::Postgres, - r#"SELECT "coaching_relationships"."id", "coaching_relationships"."organization_id", "coaching_relationships"."coach_id", "coaching_relationships"."coachee_id", "coaching_relationships"."created_at", "coaching_relationships"."updated_at", coaches.first_name AS "coach_first_name", coaches.last_name AS "coach_last_name", coachees.first_name AS "coachee_first_name", coachees.last_name AS "coachee_last_name" FROM "refactor_platform"."coaching_relationships" JOIN "refactor_platform"."users" AS "coaches" ON "coaching_relationships"."coach_id" = "coaches"."id" JOIN "refactor_platform"."users" AS "coachees" ON "coaching_relationships"."coachee_id" = "coachees"."id" WHERE "coaching_relationships"."organization_id" IN (SELECT "organizations"."id" FROM "refactor_platform"."organizations" WHERE "organizations"."id" = $1)"#, - [organization_id.clone().into()] + r#"SELECT "coaching_relationships"."id", "coaching_relationships"."organization_id", "coaching_relationships"."coach_id", "coaching_relationships"."coachee_id", "coaching_relationships"."created_at", "coaching_relationships"."updated_at", coaches.first_name AS "coach_first_name", coaches.last_name AS "coach_last_name", coachees.first_name AS "coachee_first_name", coachees.last_name AS "coachee_last_name" FROM "refactor_platform"."coaching_relationships" JOIN "refactor_platform"."users" AS "coaches" ON "coaching_relationships"."coach_id" = "coaches"."id" JOIN "refactor_platform"."users" AS "coachees" ON "coaching_relationships"."coachee_id" = "coachees"."id" WHERE "coaching_relationships"."organization_id" IN (SELECT "organizations"."id" FROM "refactor_platform"."organizations" WHERE "organizations"."id" = $1) AND ("coaching_relationships"."coach_id" = $2 OR "coaching_relationships"."coachee_id" = $3)"#, + [ + organization_id.clone().into(), + user_id.clone().into(), + user_id.clone().into() + ] )] ); diff --git a/web/src/controller/organization/coaching_relationship_controller.rs b/web/src/controller/organization/coaching_relationship_controller.rs index 9613c3b..0f639da 100644 --- a/web/src/controller/organization/coaching_relationship_controller.rs +++ b/web/src/controller/organization/coaching_relationship_controller.rs @@ -113,7 +113,7 @@ pub async fn read( )] pub async fn index( CompareApiVersion(_v): CompareApiVersion, - AuthenticatedUser(_user): AuthenticatedUser, + AuthenticatedUser(user): AuthenticatedUser, // TODO: create a new Extractor to authorize the user to access // the data requested State(app_state): State, @@ -123,6 +123,7 @@ pub async fn index( let coaching_relationships = CoachingRelationshipApi::find_by_organization_with_user_names( app_state.db_conn_ref(), organization_id, + user.id, ) .await?;