Merge pull request #97 from chrispoupart/fix/assigned-quest-bug

chrispoupart · web-flow · commit aac9a012140d · 2025-07-12T18:21:23.000-04:00
feat(authorization): 🛂 add role-based quest filtering
diff --git a/backend/src/controllers/dashboardController.ts b/backend/src/controllers/dashboardController.ts
@@ -180,6 +180,7 @@ export class DashboardController {
     static async getQuestListing(req: Request, res: Response): Promise<void> {
         try {
             const userId = (req as any).user?.userId;
+            const userRole = (req as any).user?.role;
             if (!userId) {
                 res.status(401).json({
                     success: false,
@@ -192,21 +193,40 @@ export class DashboardController {
             const skip = (parseInt(page as string) - 1) * parseInt(limit as string);
 
             // Build where clause
-            const whereClause: any = {};
+            const whereConditions: any[] = [];
 
             // Filter by status
             if (status && status !== 'all') {
-                whereClause.status = status;
+                whereConditions.push({ status: status });
             }
 
             // Search functionality
             if (search && typeof search === 'string') {
-                whereClause.OR = [
-                    { title: { contains: search, mode: 'insensitive' } },
-                    { description: { contains: search, mode: 'insensitive' } }
-                ];
+                whereConditions.push({
+                    OR: [
+                        { title: { contains: search, mode: 'insensitive' } },
+                        { description: { contains: search, mode: 'insensitive' } }
+                    ]
+                });
+            }
+
+            // Filter quests based on user role and assignment
+            if (userRole !== 'ADMIN') {
+                whereConditions.push({
+                    OR: [{ userId: null }, { userId: userId }],
+                });
             }
 
+            // Exclude expired quests (dueDate in the past)
+            whereConditions.push({
+                OR: [
+                    { dueDate: null },
+                    { dueDate: { gte: new Date() } }
+                ]
+            });
+
+            const whereClause = whereConditions.length > 0 ? { AND: whereConditions } : {};
+
             // Get quests with pagination
             const [quests, totalCount] = await Promise.all([
                 prisma.quest.findMany({
@@ -234,6 +254,14 @@ export class DashboardController {
                                 characterName: true,
                                 avatarUrl: true,
                             }
+                        },
+                        personalizedFor: { // Assigned user
+                            select: {
+                                id: true,
+                                name: true,
+                                characterName: true,
+                                avatarUrl: true,
+                            }
                         }
                     }
                 }),
diff --git a/backend/src/controllers/questController.ts b/backend/src/controllers/questController.ts
@@ -899,6 +899,7 @@ export class QuestController {
     static async getRepeatableQuests(req: Request, res: Response): Promise<void> {
         try {
             const userId = (req as any).user?.userId;
+            const userRole = (req as any).user?.role;
             if (!userId) {
                 res.status(401).json({ success: false, error: { message: 'User not authenticated' } });
                 return;
@@ -908,12 +909,32 @@ export class QuestController {
             const limit = parseInt(req.query['limit'] as string) || 10;
             const skip = (page - 1) * limit;
 
-            // Get ALL repeatable quests (both available and on cooldown)
+            // Build where conditions
+            const whereConditions: any[] = [
+                { isRepeatable: true },
+                { status: { in: ['AVAILABLE', 'COOLDOWN'] } }
+            ];
+
+            // Filter quests based on user role and assignment
+            if (userRole !== 'ADMIN') {
+                whereConditions.push({
+                    OR: [{ userId: null }, { userId: userId }],
+                });
+            }
+
+            // Exclude expired quests (dueDate in the past)
+            whereConditions.push({
+                OR: [
+                    { dueDate: null },
+                    { dueDate: { gte: new Date() } }
+                ]
+            });
+
+            const where = { AND: whereConditions };
+
+            // Get repeatable quests with proper filtering
             const repeatableQuests = await prisma.quest.findMany({
-                where: {
-                    isRepeatable: true,
-                    status: { in: ['AVAILABLE', 'COOLDOWN'] },
-                },
+                where,
                 include: {
                     creator: {
                         select: {
@@ -924,6 +945,14 @@ export class QuestController {
                             characterName: true,
                             avatarUrl: true,
                         }
+                    },
+                    personalizedFor: { // Assigned user
+                        select: {
+                            id: true,
+                            name: true,
+                            characterName: true,
+                            avatarUrl: true,
+                        }
                     }
                 },
                 orderBy: { createdAt: 'desc' },
