fix: send project info only for PM and admin role users

hentrymartin · hentrymartin · commit 158e8d932ccc · 2025-09-02T15:46:26.000+02:00
diff --git a/src/routes/copilotOpportunity/list.js b/src/routes/copilotOpportunity/list.js
@@ -2,7 +2,7 @@ import _ from 'lodash';
 
 import models from '../../models';
 import util from '../../util';
-import DEFAULT_PAGE_SIZE from '../../constants';
+import DEFAULT_PAGE_SIZE, { USER_ROLE } from '../../constants';
 
 module.exports = [
   (req, res, next) => {
@@ -15,6 +15,7 @@ module.exports = [
       return util.handleError('Invalid sort criteria', null, req, next);
     }
     const sortParams = sort.split(' ');
+    const isAdminOrManager = util.hasRoles(req, [USER_ROLE.CONNECT_ADMIN, USER_ROLE.TOPCODER_ADMIN, USER_ROLE.PROJECT_MANAGER]);
 
     // Extract pagination parameters
     const page = parseInt(req.query.page, 10) || 1;
@@ -42,7 +43,7 @@ module.exports = [
     baseOrder.push([sortParams[0], sortParams[1]]);
 
     return models.CopilotOpportunity.findAll({
-      include: [
+      include: isAdminOrManager ?[
         {
           model: models.CopilotRequest,
           as: 'copilotRequest',
@@ -52,6 +53,11 @@ module.exports = [
           as: 'project',
           attributes: ['name'],
         },
+      ] : [
+        {
+          model: models.CopilotRequest,
+          as: 'copilotRequest',
+        }
       ],
       order: baseOrder,
       limit,
diff --git a/src/routes/copilotRequest/list.js b/src/routes/copilotRequest/list.js
@@ -4,7 +4,7 @@ import { Op, Sequelize } from 'sequelize';
 import models from '../../models';
 import util from '../../util';
 import { PERMISSION } from '../../permissions/constants';
-import { DEFAULT_PAGE_SIZE } from '../../constants';
+import { DEFAULT_PAGE_SIZE, USER_ROLE } from '../../constants';
 
 module.exports = [
   (req, res, next) => {
@@ -17,6 +17,8 @@ module.exports = [
       return next(err);
     }
 
+    const isAdminOrManager = util.hasRoles(req, [USER_ROLE.CONNECT_ADMIN, USER_ROLE.TOPCODER_ADMIN, USER_ROLE.PROJECT_MANAGER]);
+
     const page = parseInt(req.query.page, 10) || 1;
     const pageSize = parseInt(req.query.pageSize, 10) || DEFAULT_PAGE_SIZE; 
     const offset = (page - 1) * pageSize;
@@ -46,7 +48,7 @@ module.exports = [
     let order = [[sortParams[0], sortParams[1]]];
     const relationBasedSortParams = ['projectName'];
     const jsonBasedSortParams = ['opportunityTitle', 'projectType'];
-    if (relationBasedSortParams.includes(sortParams[0])) {
+    if (relationBasedSortParams.includes(sortParams[0]) && isAdminOrManager) {
       order = [
         [{model: models.Project, as: 'project'}, 'name', sortParams[1]],
         ['id', 'DESC']
@@ -64,9 +66,11 @@ module.exports = [
 
     return models.CopilotRequest.findAndCountAll({
       where: whereCondition,
-      include: [
+      include: isAdminOrManager ? [
         { model: models.CopilotOpportunity, as: 'copilotOpportunity', required: false },
         { model: models.Project, as: 'project', required: false },
+      ] : [
+        { model: models.CopilotOpportunity, as: 'copilotOpportunity', required: false },
       ],
       order,
       limit: pageSize,
