Add project context to analytics access verification (#1855)

cezudas · web-flow · commit 8ddb52e49fa4 · 2026-01-19T16:53:01.000+02:00
Fixes OPS-3446.
diff --git a/packages/server/api/src/app/authentication/analytics-authentication-service.ts b/packages/server/api/src/app/authentication/analytics-authentication-service.ts
@@ -14,8 +14,12 @@ export const analyticsAuthenticationService = {
 
   async authenticateAnalyticsRequest(
     userId: string,
+    projectId: string,
   ): Promise<AnalyticsAuthTokens> {
-    await getAnalyticsAccessService().verifyUserAnalyticsAccess(userId);
+    await getAnalyticsAccessService().verifyUserAnalyticsAccess(
+      userId,
+      projectId,
+    );
     const authTokens = await authenticateOpenOpsAnalyticsAdmin();
 
     return authTokens;
diff --git a/packages/server/api/src/app/authentication/analytics/access-service-factory.ts b/packages/server/api/src/app/authentication/analytics/access-service-factory.ts
@@ -1,7 +1,10 @@
 import { analyticsAccessService } from './access-service';
 
 export type AnalyticsAccessService = {
-  verifyUserAnalyticsAccess(openopsUserId: string): Promise<void> | void;
+  verifyUserAnalyticsAccess(
+    openopsUserId: string,
+    projectId: string,
+  ): Promise<void> | void;
 };
 
 export const getAnalyticsAccessService = (): AnalyticsAccessService => {
diff --git a/packages/server/api/src/app/authentication/analytics/access-service.ts b/packages/server/api/src/app/authentication/analytics/access-service.ts
@@ -1,5 +1,5 @@
 /* eslint-disable @typescript-eslint/no-empty-function */
 
 export const analyticsAccessService = {
-  verifyUserAnalyticsAccess(_: string): void {},
+  verifyUserAnalyticsAccess(openopsUserId: string, projectId: string): void {},
 };
diff --git a/packages/server/api/src/app/authentication/authentication.controller.ts b/packages/server/api/src/app/authentication/authentication.controller.ts
@@ -67,6 +67,7 @@ export const authenticationController: FastifyPluginAsyncTypebox = async (
       const { access_token } =
         await analyticsAuthenticationService.authenticateAnalyticsRequest(
           request.principal.id,
+          request.principal.projectId,
         );
 
       const embedId =
@@ -84,6 +85,7 @@ export const authenticationController: FastifyPluginAsyncTypebox = async (
         const { access_token } =
           await analyticsAuthenticationService.authenticateAnalyticsRequest(
             request.principal.id,
+            request.principal.projectId,
           );
 
         const guestToken =
