@open-mercato/core 0.6.6-develop.5751.1.39143f001b → 0.6.6-develop.5757.1.f5cc26cf92

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -50,50 +50,47 @@ export async function resolveAllowedWidgetIds(
50
50
  }
51
51
  }
52
52
 
53
- if (allowedByUser && allowedByUser.size === 0) {
54
- return Array.from(allowedByUser)
55
- }
56
-
57
- // Aggregate role-level settings
58
- const userRoles = await findWithDecryption(
59
- em,
60
- UserRole,
61
- { user: ctx.userId as any, deletedAt: null },
62
- { populate: ['role'] },
63
- { tenantId: ctx.tenantId, organizationId: ctx.organizationId },
64
- )
65
- const roleRecords = await em.find(DashboardRoleWidgets, {
66
- roleId: { $in: userRoles.map((ur) => String(ur.role?.id || ur.role)) },
67
- deletedAt: null,
68
- })
53
+ let baseSet: Set<string>
54
+ if (allowedByUser) {
55
+ // A user override fully determines visibility, so role-level lookups would
56
+ // be discarded — skip them entirely. An empty override is handled by the
57
+ // shared `baseSet.size === 0` guard below.
58
+ baseSet = allowedByUser
59
+ } else {
60
+ // No user override: aggregate role-level settings.
61
+ const userRoles = await findWithDecryption(
62
+ em,
63
+ UserRole,
64
+ { user: ctx.userId as any, deletedAt: null },
65
+ { populate: ['role'] },
66
+ { tenantId: ctx.tenantId, organizationId: ctx.organizationId },
67
+ )
68
+ const roleRecords = await em.find(DashboardRoleWidgets, {
69
+ roleId: { $in: userRoles.map((ur) => String(ur.role?.id || ur.role)) },
70
+ deletedAt: null,
71
+ })
69
72
 
70
- const byRole = new Map<string, DashboardRoleWidgets>()
71
- for (const record of roleRecords) {
72
- const role = String(record.roleId)
73
- if (record.tenantId && ctx.tenantId && record.tenantId !== ctx.tenantId) continue
74
- if (record.tenantId && !ctx.tenantId) continue
75
- if (record.organizationId && ctx.organizationId && record.organizationId !== ctx.organizationId) continue
76
- if (record.organizationId && !ctx.organizationId) continue
77
- const current = byRole.get(role)
78
- if (!current || specificity(record) > specificity(current)) {
79
- byRole.set(role, record)
73
+ const byRole = new Map<string, DashboardRoleWidgets>()
74
+ for (const record of roleRecords) {
75
+ const role = String(record.roleId)
76
+ if (record.tenantId && ctx.tenantId && record.tenantId !== ctx.tenantId) continue
77
+ if (record.tenantId && !ctx.tenantId) continue
78
+ if (record.organizationId && ctx.organizationId && record.organizationId !== ctx.organizationId) continue
79
+ if (record.organizationId && !ctx.organizationId) continue
80
+ const current = byRole.get(role)
81
+ if (!current || specificity(record) > specificity(current)) {
82
+ byRole.set(role, record)
83
+ }
80
84
  }
81
- }
82
85
 
83
- const allowedByRole = new Set<string>()
84
- for (const record of byRole.values()) {
85
- for (const id of record.widgetIdsJson) {
86
- if (allWidgetIds.includes(id)) allowedByRole.add(id)
86
+ const allowedByRole = new Set<string>()
87
+ for (const record of byRole.values()) {
88
+ for (const id of record.widgetIdsJson) {
89
+ if (allWidgetIds.includes(id)) allowedByRole.add(id)
90
+ }
87
91
  }
88
- }
89
92
 
90
- let baseSet: Set<string>
91
- if (allowedByUser) {
92
- baseSet = allowedByUser
93
- } else if (allowedByRole.size > 0) {
94
- baseSet = allowedByRole
95
- } else {
96
- baseSet = new Set(allWidgetIds)
93
+ baseSet = allowedByRole.size > 0 ? allowedByRole : new Set(allWidgetIds)
97
94
  }
98
95
 
99
96
  if (baseSet.size === 0) return []