Add deletedByUserId property to several models

CommonServer/Types/Database/ModelPermission.ts

@@ -39,6 +39,7 @@ import UserType from 'Common/Types/UserType';
 import ColumnBillingAccessControl from 'Common/Types/BaseDatabase/ColumnBillingAccessControl';
 import DatabaseCommonInteractionPropsUtil from 'Common/Types/BaseDatabase/DatabaseCommonInteractionPropsUtil';
 import Includes from 'Common/Types/BaseDatabase/Includes';
+import UserModel from 'Common/Models/UserModel';
 
 export interface CheckReadPermissionType<TBaseModel extends BaseModel> {
     query: Query<TBaseModel>;
@@ -295,6 +296,10 @@ export default class ModelPermission {
                 props
             );
 
+            // add user scope if any
+
+            query = await this.addUserScopeToQuery(modelType, query, props);
+
             if (!props.isMultiTenantRequest) {
                 // We will check for this permission in recursive function.
 
@@ -854,6 +859,26 @@ export default class ModelPermission {
         return query;
     }
 
+    private static async addUserScopeToQuery<TBaseModel extends BaseModel>(
+        modelType: { new (): TBaseModel },
+        query: Query<TBaseModel>,
+        props: DatabaseCommonInteractionProps
+    ): Promise<Query<TBaseModel>> {
+        const model: BaseModel = new modelType();
+
+        if (model instanceof UserModel) {
+            if (props.userId) {
+                (query as any)['_id'] = props.userId;
+            } else if (!props.isRoot && !props.isMasterAdmin) {
+                throw new NotAuthorizedException(
+                    `You do not have permissions to query on - ${model.singularName}.`
+                );
+            }
+        }
+
+        return query;
+    }
+
     private static async addTenantScopeToQuery<TBaseModel extends BaseModel>(
         modelType: { new (): TBaseModel },
         query: Query<TBaseModel>,

Model/Models/BillingInvoice.ts

@@ -192,6 +192,7 @@ export default class BillingInvoice extends BaseModel {
     @JoinColumn({ name: 'deletedByUserId' })
     public deletedByUser?: User = undefined;
 
+
     @ColumnAccessControl({
         create: [],
         read: [

Model/Models/OnCallDutyPolicyEscalationRule.ts

@@ -355,6 +355,25 @@ export default class OnCallDutyPolicyEscalationRule extends BaseModel {
     @JoinColumn({ name: 'deletedByUserId' })
     public deletedByUser?: User = undefined;
 
+    @ColumnAccessControl({
+        create: [],
+        read: [],
+        update: [],
+    })
+    @TableColumn({
+        type: TableColumnType.ObjectID,
+        title: 'Deleted by User ID',
+        description:
+            'User ID who deleted this object (if this object was deleted by a User)',
+    })
+    @Column({
+        type: ColumnType.ObjectID,
+        nullable: true,
+        transformer: ObjectID.getDatabaseTransformer(),
+    })
+    public deletedByUserId?: ObjectID = undefined;
+
+
     @ColumnAccessControl({
         create: [
             Permission.ProjectOwner,

Model/Models/OnCallDutyPolicyEscalationRuleSchedule.ts

@@ -420,4 +420,23 @@ export default class OnCallDutyPolicyEscalationRuleSchedule extends BaseModel {
     )
     @JoinColumn({ name: 'deletedByUserId' })
     public deletedByUser?: User = undefined;
+
+
+    @ColumnAccessControl({
+        create: [],
+        read: [],
+        update: [],
+    })
+    @TableColumn({
+        type: TableColumnType.ObjectID,
+        title: 'Deleted by User ID',
+        description:
+            'User ID who deleted this object (if this object was deleted by a User)',
+    })
+    @Column({
+        type: ColumnType.ObjectID,
+        nullable: true,
+        transformer: ObjectID.getDatabaseTransformer(),
+    })
+    public deletedByUserId?: ObjectID = undefined;
 }

Model/Models/OnCallDutyPolicyEscalationRuleTeam.ts

@@ -418,4 +418,22 @@ export default class OnCallDutyPolicyEscalationRuleTeam extends BaseModel {
     )
     @JoinColumn({ name: 'deletedByUserId' })
     public deletedByUser?: User = undefined;
+
+    @ColumnAccessControl({
+        create: [],
+        read: [],
+        update: [],
+    })
+    @TableColumn({
+        type: TableColumnType.ObjectID,
+        title: 'Deleted by User ID',
+        description:
+            'User ID who deleted this object (if this object was deleted by a User)',
+    })
+    @Column({
+        type: ColumnType.ObjectID,
+        nullable: true,
+        transformer: ObjectID.getDatabaseTransformer(),
+    })
+    public deletedByUserId?: ObjectID = undefined;
 }

Model/Models/OnCallDutyPolicyEscalationRuleUser.ts

@@ -417,4 +417,22 @@ export default class OnCallDutyPolicyEscalationRuleUser extends BaseModel {
     )
     @JoinColumn({ name: 'deletedByUserId' })
     public deletedByUser?: User = undefined;
+
+    @ColumnAccessControl({
+        create: [],
+        read: [],
+        update: [],
+    })
+    @TableColumn({
+        type: TableColumnType.ObjectID,
+        title: 'Deleted by User ID',
+        description:
+            'User ID who deleted this object (if this object was deleted by a User)',
+    })
+    @Column({
+        type: ColumnType.ObjectID,
+        nullable: true,
+        transformer: ObjectID.getDatabaseTransformer(),
+    })
+    public deletedByUserId?: ObjectID = undefined;
 }

Model/Models/OnCallDutyPolicyExecutionLog.ts

@@ -664,4 +664,6 @@ export default class OnCallDutyPolicyExecutionLog extends BaseModel {
         default: 1,
     })
     public onCallPolicyExecutionRepeatCount?: number = undefined;
+
+
 }

Model/Models/OnCallDutyPolicyExecutionLogTimeline.ts

@@ -708,4 +708,22 @@ export default class OnCallDutyPolicyExecutionLogTimeline extends BaseModel {
         unique: false,
     })
     public acknowledgedAt?: Date = undefined;
+
+    @ColumnAccessControl({
+        create: [],
+        read: [],
+        update: [],
+    })
+    @TableColumn({
+        type: TableColumnType.ObjectID,
+        title: 'Deleted by User ID',
+        description:
+            'User ID who deleted this object (if this object was deleted by a User)',
+    })
+    @Column({
+        type: ColumnType.ObjectID,
+        nullable: true,
+        transformer: ObjectID.getDatabaseTransformer(),
+    })
+    public deletedByUserId?: ObjectID = undefined;
 }

Model/Models/OnCallDutyPolicySchedule.ts

@@ -402,4 +402,6 @@ export default class OnCallDutyPolicySchedule extends BaseModel {
         transformer: ObjectID.getDatabaseTransformer(),
     })
     public deletedByUserId?: ObjectID = undefined;
+
+
 }

Model/Models/OnCallDutyPolicyScheduleLayer.ts

@@ -556,4 +556,6 @@ export default class OnCallDutyPolicyScheduleLayer extends BaseModel {
         transformer: RestrictionTimes.getDatabaseTransformer(),
     })
     public restrictionTimes?: RestrictionTimes = undefined;
+
+
 }

Model/Models/OnCallDutyPolicyScheduleLayerUser.ts

@@ -494,4 +494,5 @@ export default class OnCallDutyPolicyScheduleLayerUser extends BaseModel {
         transformer: ObjectID.getDatabaseTransformer(),
     })
     public userId?: ObjectID = undefined;
+
 }

Model/Models/User.ts

@@ -32,11 +32,7 @@ import EnableDocumentation from 'Common/Types/Database/EnableDocumentation';
 @AllowAccessIfSubscriptionIsUnpaid()
 @TableAccessControl({
     create: [Permission.Public],
-    read: [
-        Permission.CurrentUser,
-        Permission.ProjectAdmin,
-        Permission.ProjectOwner,
-    ],
+    read: [Permission.CurrentUser],
     delete: [Permission.CurrentUser],
     update: [Permission.CurrentUser],
 })
@@ -56,11 +52,7 @@ import EnableDocumentation from 'Common/Types/Database/EnableDocumentation';
 class User extends UserModel {
     @ColumnAccessControl({
         create: [Permission.Public],
-        read: [
-            Permission.CurrentUser,
-            Permission.ProjectAdmin,
-            Permission.ProjectOwner,
-        ],
+        read: [Permission.CurrentUser],
         update: [Permission.CurrentUser],
     })
     @TableColumn({ type: TableColumnType.Name, canReadOnRelationQuery: true })
@@ -75,11 +67,7 @@ class User extends UserModel {
 
     @ColumnAccessControl({
         create: [Permission.Public],
-        read: [
-            Permission.CurrentUser,
-            Permission.ProjectAdmin,
-            Permission.ProjectOwner,
-        ],
+        read: [Permission.CurrentUser],
 
         update: [Permission.CurrentUser],
     })
@@ -247,11 +235,7 @@ class User extends UserModel {
 
     @ColumnAccessControl({
         create: [],
-        read: [
-            Permission.CurrentUser,
-            Permission.ProjectAdmin,
-            Permission.ProjectOwner,
-        ],
+        read: [Permission.CurrentUser],
 
         update: [Permission.CurrentUser],
     })
@@ -276,11 +260,7 @@ class User extends UserModel {
 
     @ColumnAccessControl({
         create: [],
-        read: [
-            Permission.CurrentUser,
-            Permission.ProjectAdmin,
-            Permission.ProjectOwner,
-        ],
+        read: [Permission.CurrentUser],
 
         update: [Permission.CurrentUser],
     })
@@ -297,18 +277,15 @@ class User extends UserModel {
 
     @ColumnAccessControl({
         create: [],
-        read: [
-            Permission.CurrentUser,
-            Permission.ProjectAdmin,
-            Permission.ProjectOwner,
-        ],
+        read: [Permission.CurrentUser],
 
         update: [Permission.CurrentUser],
     })
     @TableColumn({
         isDefaultValueColumn: true,
         required: true,
         type: TableColumnType.Boolean,
+        canReadOnRelationQuery: true,
     })
     @Column({
         type: ColumnType.Boolean,
@@ -424,11 +401,7 @@ class User extends UserModel {
 
     @ColumnAccessControl({
         create: [],
-        read: [
-            Permission.CurrentUser,
-            Permission.ProjectAdmin,
-            Permission.ProjectOwner,
-        ],
+        read: [Permission.CurrentUser],
 
         update: [Permission.CurrentUser],
     })
@@ -543,11 +516,7 @@ class User extends UserModel {
 
     @ColumnAccessControl({
         create: [],
-        read: [
-            Permission.CurrentUser,
-            Permission.ProjectAdmin,
-            Permission.ProjectOwner,
-        ],
+        read: [Permission.CurrentUser],
 
         update: [Permission.CurrentUser],
     })