fix: include custom root roles in user access overview (#5898)

https://linear.app/unleash/issue/2-1844/fix-add-custom-root-roles-to-user-access-overview I noticed our user access overview method did not take into account custom root roles, which meant only users with default root roles were being returned. This changes the query to check for `IN ('root', 'root-custom')` instead, including both "root" and "custom root" roles. ![image](https://github.com/Unleash/unleash/assets/14320932/aa808e8f-edc0-4a94-b59f-a8b619ae54ca)
2025-01-20 00:08:02 +01:00 · 2024-01-15 13:38:31 +00:00 · 2024-01-15 13:38:31 +00:00 · 1c84a81178
commit 1c84a81178
parent 0ba37e8622
2 changed files with 37 additions and 2 deletions
--- a/src/lib/db/access-store.ts
+++ b/src/lib/db/access-store.ts
@ -918,7 +918,9 @@ export class AccessStore implements IAccessStore {
                    SELECT r.name
                    FROM   role_user ru
                    INNER JOIN roles r on ru.role_id = r.id
-                    WHERE ru.user_id = u.id and r.type='root'
+                    WHERE ru.user_id = u.id and r.type IN (${ROOT_ROLE_TYPES.map(
+                        (type) => `'${type}'`,
+                    ).join(',')})
                ) r, LATERAL (
                SELECT ARRAY (
                    SELECT g.name FROM group_user gu
--- a/src/test/e2e/services/access-service.e2e.test.ts
+++ b/src/test/e2e/services/access-service.e2e.test.ts
@ -17,7 +17,10 @@ import {
 } from '../../../lib/types';
 import { createTestConfig } from '../../config/test-config';
 import { DEFAULT_PROJECT } from '../../../lib/types/project';
-import { ALL_PROJECTS } from '../../../lib/util/constants';
+import {
+    ALL_PROJECTS,
+    CUSTOM_ROOT_ROLE_TYPE,
+} from '../../../lib/util/constants';
 import {
    createAccessService,
    createFeatureToggleService,
@ -1848,3 +1851,33 @@ test('access overview should have group access for groups that they are in', asy

    expect(userAccess.groupProjects).toStrictEqual(['default']);
 });
+
+test('access overview should include users with custom root roles', async () => {
+    const email = 'ratatoskr@yggdrasil.com';
+
+    const customRole = await accessService.createRole({
+        name: 'Mischievous Messenger',
+        type: CUSTOM_ROOT_ROLE_TYPE,
+        description:
+            'A squirrel that runs up and down the world tree, carrying messages.',
+        permissions: [{ name: permissions.CREATE_ADDON }],
+        createdByUserId: 1,
+    });
+
+    const { userStore } = stores;
+    const user = await userStore.insert({
+        name: 'Ratatoskr',
+        email,
+    });
+
+    await accessService.setUserRootRole(user.id, customRole.id);
+
+    const accessOverView: IUserAccessOverview[] =
+        await accessService.getUserAccessOverview();
+    const userAccess = accessOverView.find(
+        (overviewRow) => overviewRow.userId === user.id,
+    )!;
+
+    expect(userAccess.userId).toBe(user.id);
+    expect(userAccess.rootRole).toBe('Mischievous Messenger');
+});