@learnpack/learnpack 5.0.344 → 5.0.346

package/src/utils/api.ts

@@ -353,20 +353,15 @@ export interface TAcademy {
   timezone: string;
 }
 
-const neededPermissions = [
-  "add_asset",
-  "change_asset",
-  "view_asset",
-  "delete_asset",
-]
+const CRUD_ASSET_CAPABILITY_URL = `${HOST}/v1/auth/user/me/capability/crud_asset`
 
 export const listUserAcademies = async (
   breathecodeToken: string
 ): Promise<TAcademy[]> => {
-  const url = "https://breathecode.herokuapp.com/v1/auth/user/me"
+  const meUrl = `${HOST}/v1/auth/user/me`
 
   try {
-    const response = await axios.get(url, {
+    const response = await axios.get(meUrl, {
       headers: {
         Authorization: `Token ${breathecodeToken}`,
       },
@@ -376,27 +371,47 @@ export const listUserAcademies = async (
 
     const academiesMap = new Map<number, TAcademy>()
 
+    if (!Array.isArray(data.roles)) {
+      return []
+    }
+
     for (const role of data.roles) {
       const academy = role.academy
+      if (!academy) continue
       if (!academiesMap.has(academy.id)) {
         academiesMap.set(academy.id, academy)
       }
     }
 
-    const permissions = new Set(data.permissions.map((p: any) => p.codename))
+    const academies = [...academiesMap.values()]
 
-    // Validate if the user has ALL the needed permissions
-    const hasAllPermissions = neededPermissions.every(permission =>
-      permissions.has(permission)
-    )
+    const allowed = await Promise.all(
+      academies.map(async academy => {
+        const capResponse = await axios.get(CRUD_ASSET_CAPABILITY_URL, {
+          headers: {
+            Authorization: `Token ${breathecodeToken}`,
+            Academy: academy.id,
+          },
+          validateStatus: () => true,
+        })
 
-    if (!hasAllPermissions) {
-      // The user does not have all the needed permissions
+        if (capResponse.status === 200) {
+          return academy
+        }
 
-      return []
-    }
+        if (capResponse.status !== 403) {
+          console.warn(
+            `listUserAcademies: unexpected status ${capResponse.status} for academy ${academy.id}`
+          )
+        }
+
+        return null
+      })
+    )
 
-    return [...academiesMap.values()]
+    const filtered = allowed.filter((a): a is TAcademy => a !== null)
+    filtered.sort((a, b) => a.name.localeCompare(b.name))
+    return filtered
   } catch (error) {
     console.error("Failed to fetch user academies:", error)
     return []
@@ -476,6 +491,15 @@ export const createAsset = async (token: string, asset: TAssetMissing) => {
     headers.Academy = String(asset.academy_id)
   }
 
+  console.log(
+    "[BC] POST",
+    url,
+    "| academy_id:",
+    asset.academy_id ?? "none",
+    "| slug:",
+    asset.slug
+  )
+
   try {
     const response = await axios.post(url, body, { headers })
     return response.data
@@ -518,6 +542,9 @@ const updateAsset = async (
   const headers = {
     Authorization: `Token ${token}`,
   }
+
+  console.log("[BC] PUT", url, "| academy_id:", asset.academy_id ?? "none")
+
   try {
     const response = await axios.put(url, asset, { headers })
     return response.data
@@ -593,7 +620,11 @@ type TTechnology = {
 
 let technologiesCache: TTechnology[] = []
 
-/** Strip .env comments (e.g. "token # comment") so the token is sent without spaces. */
+/**
+ * Strip .env comments (e.g. "token # comment") so the token is sent without spaces.
+ * @param token - Raw token value from env, possibly with trailing comment.
+ * @returns Trimmed token with inline `#` comments removed, or empty string if missing.
+ */
 function sanitizeToken(token: string | undefined): string {
   if (!token) return ""
   const trimmed = token.trim()