bulltrackers-module 1.0.558 → 1.0.560

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/functions/generic-api/user-api/helpers/dev/dev_helpers.js +16 -1
  2. package/functions/generic-api/user-api/helpers/metrics/personalized_metrics_helpers.js +59 -4
  3. package/functions/generic-api/user-api/helpers/profile/user_profile_helpers.js +12 -1
  4. package/package.json +1 -1
package/functions/generic-api/user-api/helpers/dev/dev_helpers.js CHANGED
@@ -290,6 +290,9 @@ async function getDevOverrideStatus(req, res, dependencies, config) {
290
290
  * Get the effective CID to use for a developer account
291
291
  * Returns impersonateCid if set, otherwise returns the actual userCid
292
292
  * Only works for developer accounts
293
+ *
294
+ * Note: If pretendToBePI is false, impersonation will not be used for PI-related checks
295
+ * to prevent unintended impersonation when the user doesn't want to pretend to be a PI
293
296
  */
294
297
  async function getEffectiveCid(db, userCid, config, logger = null) {
295
298
  if (!isDeveloperAccount(userCid)) {
@@ -297,8 +300,20 @@ async function getEffectiveCid(db, userCid, config, logger = null) {
297
300
  }
298
301
 
299
302
  const devOverride = await getDevOverride(db, userCid, config, logger);
300
- // Only use impersonation if dev override is enabled
303
+ // Only use impersonation if dev override is enabled AND impersonateCid is set
304
+ // BUT: If pretendToBePI is explicitly false, don't use impersonation (user doesn't want to be treated as PI)
301
305
  if (devOverride && devOverride.enabled && devOverride.impersonateCid) {
306
+ // Check if user explicitly doesn't want to pretend to be a PI
307
+ // If pretendToBePI is false, don't use impersonation (respects user intent)
308
+ if (devOverride.pretendToBePI === false) {
309
+ if (logger && logger.log) {
310
+ logger.log('INFO', `[getEffectiveCid] DEV OVERRIDE: User ${userCid} has impersonateCid set but pretendToBePI=false, using actual CID ${userCid} instead`);
311
+ } else {
312
+ console.log(`[getEffectiveCid] DEV OVERRIDE: User ${userCid} has impersonateCid set but pretendToBePI=false, using actual CID ${userCid} instead`);
313
+ }
314
+ return Number(userCid);
315
+ }
316
+
302
317
  if (logger && logger.log) {
303
318
  logger.log('INFO', `[getEffectiveCid] DEV OVERRIDE: User ${userCid} impersonating CID ${devOverride.impersonateCid}`);
304
319
  } else {
package/functions/generic-api/user-api/helpers/metrics/personalized_metrics_helpers.js CHANGED
@@ -96,9 +96,62 @@ async function getSignedInUserPIPersonalizedMetrics(req, res, dependencies, conf
96
96
  }
97
97
 
98
98
  try {
99
- const effectiveCid = await getEffectiveCid(db, userCid, config, logger);
100
99
  const devOverride = await getDevOverride(db, userCid, config, logger);
101
- const isImpersonating = devOverride && devOverride.enabled && devOverride.impersonateCid && effectiveCid !== Number(userCid);
100
+
101
+ // Also read raw Firestore data to check pretendToBePI value directly (in case of normalization issues)
102
+ let rawPretendToBePI = null;
103
+ if (devOverride && devOverride.enabled) {
104
+ try {
105
+ const devOverridesCollection = config.devOverridesCollection || 'dev_overrides';
106
+ const overrideDoc = await db.collection(devOverridesCollection).doc(String(userCid)).get();
107
+ if (overrideDoc.exists) {
108
+ const rawData = overrideDoc.data();
109
+ rawPretendToBePI = rawData.pretendToBePI; // Get raw value (could be false, true, undefined, etc.)
110
+ }
111
+ } catch (err) {
112
+ logger.log('WARN', `[getSignedInUserPIPersonalizedMetrics] Error reading raw dev override: ${err.message}`);
113
+ }
114
+ }
115
+
116
+ // For PI-related checks, respect pretendToBePI flag
117
+ // If pretendToBePI is false (either normalized or raw), use actual userCid even if impersonateCid is set
118
+ let effectiveCid;
119
+ let shouldCheckPI = true;
120
+
121
+ // Check if user explicitly doesn't want to pretend to be a PI
122
+ // Check both normalized value and raw value to be safe
123
+ const pretendToBePIValue = rawPretendToBePI !== undefined ? rawPretendToBePI : (devOverride ? devOverride.pretendToBePI : false);
124
+ const explicitlyNotPretending = pretendToBePIValue === false;
125
+
126
+ if (devOverride && devOverride.enabled && explicitlyNotPretending) {
127
+ // User explicitly doesn't want to pretend to be a PI
128
+ // Use actual CID and don't check PI status (user doesn't want to be treated as PI)
129
+ effectiveCid = Number(userCid);
130
+ shouldCheckPI = false; // Skip PI check since user doesn't want to pretend to be PI
131
+
132
+ logger.log('INFO', `[getSignedInUserPIPersonalizedMetrics] DEV OVERRIDE: User ${userCid} has pretendToBePI=false (raw: ${rawPretendToBePI}, normalized: ${devOverride.pretendToBePI}), skipping PI check and returning 404`);
133
+ } else {
134
+ // Use normal effective CID logic (may use impersonateCid if set)
135
+ effectiveCid = await getEffectiveCid(db, userCid, config, logger);
136
+ }
137
+
138
+ // Calculate isImpersonating based on whether we're actually using impersonation
139
+ // If pretendToBePI is false, we're not impersonating for PI purposes
140
+ // Only consider it impersonating if pretendToBePI is not explicitly false AND effectiveCid differs from userCid
141
+ const isImpersonating = shouldCheckPI &&
142
+ devOverride && devOverride.enabled && devOverride.impersonateCid &&
143
+ !explicitlyNotPretending && effectiveCid !== Number(userCid);
144
+
145
+ // If user explicitly doesn't want to pretend to be a PI, return 404 immediately
146
+ if (!shouldCheckPI) {
147
+ return res.status(404).json({
148
+ error: "Not a Popular Investor",
149
+ message: "This endpoint is only available for users who are Popular Investors",
150
+ effectiveCid: effectiveCid,
151
+ isImpersonating: false, // Not impersonating if pretendToBePI is false
152
+ actualCid: Number(userCid)
153
+ });
154
+ }
102
155
 
103
156
  // Check if user is a PI
104
157
  const rankEntry = await checkIfUserIsPI(db, effectiveCid, config, logger);
@@ -107,7 +160,8 @@ async function getSignedInUserPIPersonalizedMetrics(req, res, dependencies, conf
107
160
  error: "Not a Popular Investor",
108
161
  message: "This endpoint is only available for users who are Popular Investors",
109
162
  effectiveCid: effectiveCid,
110
- isImpersonating: isImpersonating || false
163
+ isImpersonating: isImpersonating || false,
164
+ actualCid: Number(userCid)
111
165
  });
112
166
  }
113
167
 
@@ -344,7 +398,8 @@ async function getSignedInUserPIPersonalizedMetrics(req, res, dependencies, conf
344
398
  isFallback: foundDate !== today,
345
399
  daysBackFromLatest: checkedDates.indexOf(foundDate),
346
400
  isImpersonating: isImpersonating || false,
347
- actualCid: Number(userCid)
401
+ actualCid: Number(userCid),
402
+ pretendToBePI: devOverride && devOverride.enabled ? (devOverride.pretendToBePI || false) : false
348
403
  });
349
404
 
350
405
  } catch (error) {
package/functions/generic-api/user-api/helpers/profile/user_profile_helpers.js CHANGED
@@ -128,8 +128,19 @@ async function checkIfUserIsPopularInvestor(req, res, dependencies, config) {
128
128
 
129
129
  try {
130
130
  // Check for dev override impersonation
131
- const effectiveCid = await getEffectiveCid(db, userCid, config, logger);
132
131
  const devOverride = await getDevOverride(db, userCid, config, logger);
132
+
133
+ // For PI-related checks, respect pretendToBePI flag
134
+ // If pretendToBePI is false, use actual userCid even if impersonateCid is set
135
+ let effectiveCid;
136
+ if (devOverride && devOverride.enabled && devOverride.pretendToBePI === false) {
137
+ // User explicitly doesn't want to pretend to be a PI, use actual CID
138
+ effectiveCid = Number(userCid);
139
+ } else {
140
+ // Use normal effective CID logic (may use impersonateCid if set)
141
+ effectiveCid = await getEffectiveCid(db, userCid, config, logger);
142
+ }
143
+
133
144
  const isImpersonating = devOverride && devOverride.enabled && devOverride.impersonateCid && effectiveCid !== Number(userCid);
134
145
 
135
146
  // Use effective CID (impersonated or actual) to check PI status
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "bulltrackers-module",
3
- "version": "1.0.558",
3
+ "version": "1.0.560",
4
4
  "description": "Helper Functions for Bulltrackers.",
5
5
  "main": "index.js",
6
6
  "files": [