From c822c89739ae286e2299babf00f6b87dc201ea2f Mon Sep 17 00:00:00 2001
From: Eric Allam
Date: Wed, 1 May 2024 10:30:59 +0100
Subject: [PATCH] Allow admins to view any project metrics
---
 .../routes/projects.v3.$projectRef.metrics.ts | 43 +++++++++++++------
 1 file changed, 31 insertions(+), 12 deletions(-)
diff --git a/apps/webapp/app/routes/projects.v3.$projectRef.metrics.ts b/apps/webapp/app/routes/projects.v3.$projectRef.metrics.ts
index 16168361b66..b95b058a68c 100644
--- a/apps/webapp/app/routes/projects.v3.$projectRef.metrics.ts
+++ b/apps/webapp/app/routes/projects.v3.$projectRef.metrics.ts
@@ -20,22 +20,41 @@ export async function loader({ params, request }: LoaderFunctionArgs) {
 const validatedParams = ParamsSchema.parse(params);
- const project = await prisma.project.findFirst({
+ const user = await prisma.user.findUnique({
 where: {
- externalRef: validatedParams.projectRef,
- organization: {
- members: {
- some: {
- userId: authenticationResult.userId,
- },
- },
- },
- },
- include: {
- organization: true,
+ id: authenticationResult.userId,
 },
 });
+ if (!user) {
+ return json({ error: "Invalid or Missing Access Token" }, { status: 401 });
+ }
+
+ const project = user.admin
+ ? await prisma.project.findFirst({
+ where: {
+ externalRef: validatedParams.projectRef,
+ },
+ include: {
+ organization: true,
+ },
+ })
+ : await prisma.project.findFirst({
+ where: {
+ externalRef: validatedParams.projectRef,
+ organization: {
+ members: {
+ some: {
+ userId: authenticationResult.userId,
+ },
+ },
+ },
+ },
+ include: {
+ organization: true,
+ },
+ });
+
 if (!project) {
 return new Response("Not found", { status: 404 });
 }
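Review bot: The admin branch removes the organization-membership filter, so any credential that authenticates as a user with `admin` set can read metrics for every tenant's project, and nothing in the hunk records that the bypass was taken. If `authenticationResult` is derived from a long-lived access token (the 401 message suggests it is; the authentication call is above the hunk), a leaked admin token gains cross-organization reach, so an audit log entry on the admin path naming the user id and `projectRef` would help detection. The two `findFirst` calls differ only in that filter; a single query with `organization: user.admin ? undefined : { members: { some: { userId: authenticationResult.userId } } }` keeps the tenant check in one place where it is harder to drop by accident. The user lookup only needs the flag, so `select: { admin: true }` on `findUnique` avoids loading the full user row. The loader's body begins and ends outside the hunk.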