Merge pull request #85 from CloudEcosystemDev/feat/add-user-filter-te…

…nant Feat/add user filter tenant
CloudEcosystemDev · Oct 2, 2023 · 20cda60 · 20cda60
2 parents 4835a24 + ae911b0
commit 20cda60
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/services/iam/src/routes/users.js b/services/iam/src/routes/users.js
@@ -88,7 +88,7 @@ router.post('/', auth.hasTenantPermissions([PERMISSIONS['tenant.account.create']
 /**
  * Get all Users
  */
-router.get('/', auth.isAdmin, async (req, res, next) => {
+router.get('/', auth.isLoggedIn, async (req, res, next) => {
     try {
         const filter = {};
         if (req.query.userId) {
@@ -112,6 +112,10 @@ router.get('/', auth.isAdmin, async (req, res, next) => {
                 $in: filterUsernames,
             };
         }
+        // we assure that a user can only fetch users from their tenant
+        if (!req.user.isAdmin) {
+            filter.tenant = req.user.tenant;
+        }
         const doc = await AccountDAO.find(filter);
 
         if (req.query.meta) {