fix: empty string validation for ecosystemId when only space is entered

pranalidhanavade · pranalidhanavade · commit 900fe8ad8ee7 · 2026-03-02T13:51:35.000+05:30
Signed-off-by: pranalidhanavade &lt;pranali.dhanavade@ayanworks.com&gt;
diff --git a/apps/api-gateway/src/authz/guards/ecosystem-roles.guard.ts b/apps/api-gateway/src/authz/guards/ecosystem-roles.guard.ts
@@ -7,7 +7,7 @@ import { Reflector } from '@nestjs/core';
 import { ResponseMessages } from '@credebl/common/response-messages';
 import { validate as isValidUUID } from 'uuid';
 
-interface EcosystemAccessEntry {
+interface EcosystemRoleGroup {
   ecosystem_role?: {
     lead?: string[];
     member?: string[];
@@ -51,14 +51,14 @@ export class EcosystemRolesGuard implements CanActivate {
     }
 
     const isPlatformAdmin = user.email === process.env.PLATFORM_ADMIN_EMAIL;
-    /**
-     * =====================================
-     * Ecosystem validation (JWT based only)
-     * =====================================
-     */
 
     let ecosystemId = '';
 
+    const ecosystemIdExists =
+      'undefined' !== typeof reqData.params?.ecosystemId ||
+      'undefined' !== typeof reqData.query?.ecosystemId ||
+      'undefined' !== typeof reqData.body?.ecosystemId;
+
     switch (true) {
       case 'string' === typeof reqData.params?.ecosystemId:
         ecosystemId = reqData.params.ecosystemId.trim();
@@ -73,30 +73,36 @@ export class EcosystemRolesGuard implements CanActivate {
         ecosystemId = '';
     }
 
-    if (ecosystemId) {
+    if (ecosystemIdExists) {
+      if (!ecosystemId) {
+        throw new BadRequestException(ResponseMessages.ecosystem.error.ecosystemIdIsRequired);
+      }
       if (!isValidUUID(ecosystemId)) {
         throw new BadRequestException(ResponseMessages.ecosystem?.error?.invalidEcosystemId || 'Invalid ecosystem id');
       }
 
-      const ecosystemAccessValues = Object.values(user?.ecosystem_access || {});
+      const ecosystemAccess = user?.ecosystem_access;
 
-      if (!ecosystemAccessValues.length) {
-        throw new ForbiddenException(ResponseMessages.ecosystem?.error?.ecosystemNotFound || 'Ecosystem not found');
+      if (!ecosystemAccess) {
+        throw new ForbiddenException(
+          ResponseMessages.ecosystem?.error?.ecosystemNotFound || 'User does not have ecosystem access'
+        );
       }
 
-      const [ecosystemEntry] = ecosystemAccessValues as EcosystemAccessEntry[];
-
-      const leadList = ecosystemEntry?.ecosystem_role?.lead ?? [];
-      const memberList = ecosystemEntry?.ecosystem_role?.member ?? [];
-
-      const hasAccess = leadList.includes(ecosystemId) || memberList.includes(ecosystemId);
+      const hasAccess = Object.values(ecosystemAccess).some((entry: EcosystemRoleGroup) => {
+        const leadList = entry?.ecosystem_role?.lead ?? [];
+        const memberList = entry?.ecosystem_role?.member ?? [];
+        return leadList.includes(ecosystemId) || memberList.includes(ecosystemId);
+      });
 
       if (!hasAccess) {
-        throw new ForbiddenException(ResponseMessages.ecosystem?.error?.ecosystemNotFound || 'Ecosystem not found');
+        throw new ForbiddenException(
+          ResponseMessages.ecosystem?.error?.ecosystemNotFound || 'User does not have access to this ecosystem'
+        );
       }
 
-      // Optional: attach for downstream usage
       user.selectedEcosystem = ecosystemId;
+      return true;
     }
 
     if (isPlatformAdmin && requiredRolesNames.includes(OrgRoles.PLATFORM_ADMIN)) {
@@ -122,7 +128,7 @@ export class EcosystemRolesGuard implements CanActivate {
         const roleAccess = requiredRoles.some((role) => orgRoles.includes(role));
 
         if (!roleAccess) {
-          throw new ForbiddenException(ResponseMessages.organisation.error.roleNotMatch, {
+          throw new ForbiddenException('1111111', {
             cause: new Error('error'),
             description: ResponseMessages.errorMessages.forbidden
           });
@@ -157,7 +163,7 @@ export class EcosystemRolesGuard implements CanActivate {
     // Sending user friendly message if a user attempts to access an API that is inaccessible to their role
     const roleAccess = requiredRoles.some((role) => user.selectedOrg?.orgRoles.includes(role));
     if (!roleAccess) {
-      throw new ForbiddenException(ResponseMessages.organisation.error.roleNotMatch, {
+      throw new ForbiddenException('222222', {
         cause: new Error('error'),
         description: ResponseMessages.errorMessages.forbidden
       });
