
Commit e3edb2d

committed
fix(auth): Add owned data permissions for guest
- Guest can manage owned data - Pass userId for scoping
1 parent dd1b016 commit e3edb2d


2 files changed

+21
-5
lines changed


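--- a/lib/src/rbac/role_permissions.dart
+++ b/lib/src/rbac/role_permissions.dart
@@ -67,6 +67,10 @@ final Map<UserRole, Set<String>> rolePermissions = {
 Permissions.categoryRead,
 Permissions.sourceRead,
 Permissions.countryRead,
-// Add other permissions for guest users as needed
+// Standard users can manage their own anonymous-owned data
+Permissions.appSettingsReadOwned,
+Permissions.appSettingsUpdateOwned,
+Permissions.userPreferencesReadOwned,
+Permissions.userPreferencesUpdateOwned,
 },
 };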
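Review bot: The added comment `// Standard users can manage their own anonymous-owned data` names standard users, while the comment it replaces and the commit title both refer to the guest role, so a reader of this permission table cannot tell which role the four `*Owned` grants belong to. I would word it as `// Guest users can read and update only their own app settings and content preferences`. The grants are only as narrow as the ownership comparison made wherever an `*Owned` permission is checked; that check is not visible in this commit and is worth confirming before guests receive update rights. The map literal starts before the hunk, so the role key for this entry is inferred rather than read.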

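--- a/lib/src/services/auth_service.dart
+++ b/lib/src/services/auth_service.dart
@@ -130,12 +130,18 @@ class AuthService {
 
 // Create default UserAppSettings for the new user
 final defaultAppSettings = UserAppSettings(id: user.id);
-await _userAppSettingsRepository.create(item: defaultAppSettings);
+await _userAppSettingsRepository.create(
+item: defaultAppSettings,
+userId: user.id, // Pass user ID for scoping
+);
 print('Created default UserAppSettings for user: ${user.id}');
 
 // Create default UserContentPreferences for the new user
 final defaultUserPreferences = UserContentPreferences(id: user.id);
-await _userContentPreferencesRepository.create(item: defaultUserPreferences);
+await _userContentPreferencesRepository.create(
+item: defaultUserPreferences,
+userId: user.id, // Pass user ID for scoping
+);
 print('Created default UserContentPreferences for user: ${user.id}');
 }
 } on HtHttpException catch (e) {
@@ -189,12 +195,18 @@ class AuthService {
 
 // Create default UserAppSettings for the new anonymous user
 final defaultAppSettings = UserAppSettings(id: user.id);
-await _userAppSettingsRepository.create(item: defaultAppSettings);
+await _userAppSettingsRepository.create(
+item: defaultAppSettings,
+userId: user.id, // Pass user ID for scoping
+);
 print('Created default UserAppSettings for anonymous user: ${user.id}');
 
 // Create default UserContentPreferences for the new anonymous user
 final defaultUserPreferences = UserContentPreferences(id: user.id);
-await _userContentPreferencesRepository.create(item: defaultUserPreferences);
+await _userContentPreferencesRepository.create(
+item: defaultUserPreferences,
+userId: user.id, // Pass user ID for scoping
+);
 print('Created default UserContentPreferences for anonymous user: ${user.id}');
 
 // 2. Generate token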
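Review bot: The same `create(item: …, userId: user.id)` call is now written out four times across the two hunks of this file, and the owner scoping that the new `*Owned` guest permissions presumably depend on is only as reliable as each copy. A private helper on `AuthService` that creates both default records for a given user id would keep the `userId:` argument in one place, so a later sign-up path cannot leave a record unscoped. The sketch below assumes `user.id` is a `String`, which the hunks do not show, and leaves the `print` lines at the call sites. Both enclosing methods start and end outside the hunks.

```dart
/// Creates the default settings and preferences records for [userId],
/// scoped to that user as their owner.
Future<void> _createDefaultUserData(String userId) async {
  await _userAppSettingsRepository.create(
    item: UserAppSettings(id: userId),
    userId: userId,
  );
  await _userContentPreferencesRepository.create(
    item: UserContentPreferences(id: userId),
    userId: userId,
  );
}

// at both call sites, replacing the two create() calls:
await _createDefaultUserData(user.id);
// … unchanged: print() calls, token generation …
```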
