From 1c84a811786351d366f96acf5491e744450ad585 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nuno=20G=C3=B3is?= <github@nunogois.com>
Date: Mon, 15 Jan 2024 13:38:31 +0000
Subject: [PATCH] fix: include custom root roles in user access overview
 (#5898)

https://linear.app/unleash/issue/2-1844/fix-add-custom-root-roles-to-user-access-overview

I noticed our user access overview method did not take into account
custom root roles, which meant only users with default root roles were
being returned.

This changes the query to check for `IN ('root', 'root-custom')`
instead, including both "root" and "custom root" roles.


![image](https://github.com/Unleash/unleash/assets/14320932/aa808e8f-edc0-4a94-b59f-a8b619ae54ca)
---
 src/lib/db/access-store.ts                    |  4 ++-
 .../e2e/services/access-service.e2e.test.ts   | 35 ++++++++++++++++++-
 2 files changed, 37 insertions(+), 2 deletions(-)

diff --git a/src/lib/db/access-store.ts b/src/lib/db/access-store.ts
index 1c6f9202d5..6bf9194257 100644
--- a/src/lib/db/access-store.ts
+++ b/src/lib/db/access-store.ts
@@ -918,7 +918,9 @@ export class AccessStore implements IAccessStore {
                     SELECT r.name
                     FROM   role_user ru
                     INNER JOIN roles r on ru.role_id = r.id
-                    WHERE ru.user_id = u.id and r.type='root'
+                    WHERE ru.user_id = u.id and r.type IN (${ROOT_ROLE_TYPES.map(
+                        (type) => `'${type}'`,
+                    ).join(',')})
                 ) r, LATERAL (
                 SELECT ARRAY (
                     SELECT g.name FROM group_user gu
diff --git a/src/test/e2e/services/access-service.e2e.test.ts b/src/test/e2e/services/access-service.e2e.test.ts
index a992f8dc9f..06b7e99658 100644
--- a/src/test/e2e/services/access-service.e2e.test.ts
+++ b/src/test/e2e/services/access-service.e2e.test.ts
@@ -17,7 +17,10 @@ import {
 } from '../../../lib/types';
 import { createTestConfig } from '../../config/test-config';
 import { DEFAULT_PROJECT } from '../../../lib/types/project';
-import { ALL_PROJECTS } from '../../../lib/util/constants';
+import {
+    ALL_PROJECTS,
+    CUSTOM_ROOT_ROLE_TYPE,
+} from '../../../lib/util/constants';
 import {
     createAccessService,
     createFeatureToggleService,
@@ -1848,3 +1851,33 @@ test('access overview should have group access for groups that they are in', asy
 
     expect(userAccess.groupProjects).toStrictEqual(['default']);
 });
+
+test('access overview should include users with custom root roles', async () => {
+    const email = 'ratatoskr@yggdrasil.com';
+
+    const customRole = await accessService.createRole({
+        name: 'Mischievous Messenger',
+        type: CUSTOM_ROOT_ROLE_TYPE,
+        description:
+            'A squirrel that runs up and down the world tree, carrying messages.',
+        permissions: [{ name: permissions.CREATE_ADDON }],
+        createdByUserId: 1,
+    });
+
+    const { userStore } = stores;
+    const user = await userStore.insert({
+        name: 'Ratatoskr',
+        email,
+    });
+
+    await accessService.setUserRootRole(user.id, customRole.id);
+
+    const accessOverView: IUserAccessOverview[] =
+        await accessService.getUserAccessOverview();
+    const userAccess = accessOverView.find(
+        (overviewRow) => overviewRow.userId === user.id,
+    )!;
+
+    expect(userAccess.userId).toBe(user.id);
+    expect(userAccess.rootRole).toBe('Mischievous Messenger');
+});