foxerBN/crm-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: Allow project team members to update projects, handle empty companyId

Browse Source 
- Relax project PATCH route from requireAdmin to checkProjectAccess
- Normalize empty string companyId to null in updateProject service to prevent UUID parse error

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
richardtekula
2026-01-26 11:41:36 +01:00
parent dd15be93a9
commit 929d0b461f
2 changed files with 8 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/routes/project.routes.js
View File

@@ -44,10 +44,10 @@ router.post(
projectController.createProject
);
// Update project (admin only)
// Update project (team members and admins)
router.patch(
'/:projectId',
requireAdmin,
checkProjectAccess,
validateParams(z.object({ projectId: z.string().uuid() })),
validateBody(updateProjectSchema),
projectController.updateProject

9
src/services/project.service.js
View File

@@ -157,12 +157,15 @@ export const updateProject = async (projectId, data) => {
const { name, description, companyId, status, startDate, endDate } = data;
// Treat empty string companyId as null (no company)
const resolvedCompanyId = companyId === '' ? null : companyId;
// If companyId is being changed, verify new company exists
if (companyId !== undefined && companyId !== null && companyId !== project.companyId) {
if (resolvedCompanyId !== undefined && resolvedCompanyId !== null && resolvedCompanyId !== project.companyId) {
const [company] = await db
.select()
.from(companies)
.where(eq(companies.id, companyId))
.where(eq(companies.id, resolvedCompanyId))
.limit(1);
if (!company) {
@@ -175,7 +178,7 @@ export const updateProject = async (projectId, data) => {
.set({
name: name !== undefined ? name : project.name,
description: description !== undefined ? description : project.description,
companyId: companyId !== undefined ? companyId : project.companyId,
companyId: resolvedCompanyId !== undefined ? resolvedCompanyId : project.companyId,
status: status !== undefined ? status : project.status,
startDate: startDate !== undefined ? (startDate ? new Date(startDate) : null) : project.startDate,
endDate: endDate !== undefined ? (endDate ? new Date(endDate) : null) : project.endDate,