web/core/local-db/utils/query-sanitizer.ts.ts

// plane constants
import { EUserPermissions } from "@plane/constants";
import { TIssueParams } from "@plane/types";
// root store
import { rootStore } from "@/lib/store-context";

export const sanitizeWorkItemQueries = (
  workspaceSlug: string,
  projectId: string,
  queries: Partial<Record<TIssueParams, string | boolean>> | undefined
): Partial<Record<TIssueParams, string | boolean>> | undefined => {
  // Get current project details and user id and role for the project
  const currentProject = rootStore.projectRoot.project.getProjectById(projectId);
  const currentUserId = rootStore.user.data?.id;
  const currentUserRole = rootStore.user.permission.getProjectRoleByWorkspaceSlugAndProjectId(workspaceSlug, projectId);

  // Only apply this restriction for guests when guest_view_all_features is disabled
  if (
    currentUserId &&
    currentUserRole === EUserPermissions.GUEST &&
    currentProject?.guest_view_all_features === false
  ) {
    // Sanitize the created_by filter if it doesn't exist or if it exists and includes the current user id
    const existingCreatedByFilter = queries?.created_by;
    const shouldApplyFilter =
      !existingCreatedByFilter ||
      (typeof existingCreatedByFilter === "string" && existingCreatedByFilter.includes(currentUserId));

    if (shouldApplyFilter) {
      queries = {
        ...queries,
        created_by: currentUserId,
      };
    }
  }

  return queries;
};
[WEB-3597] fix: guest work item view access when hyper mode is enabled (#6785) * [WEB-3597] fix: guest work item view access when hyper mode is enabled * fix: only show work item created by the guest user if the guest_view_all_features is disabled 2025-03-20 19:43:40 +05:30			`// plane constants`
			`import { EUserPermissions } from "@plane/constants";`
			`import { TIssueParams } from "@plane/types";`
			`// root store`
			`import { rootStore } from "@/lib/store-context";`

			`export const sanitizeWorkItemQueries = (`
			`workspaceSlug: string,`
			`projectId: string,`
			`queries: Partial<Record<TIssueParams, string \| boolean>> \| undefined`
			`): Partial<Record<TIssueParams, string \| boolean>> \| undefined => {`
			`// Get current project details and user id and role for the project`
			`const currentProject = rootStore.projectRoot.project.getProjectById(projectId);`
			`const currentUserId = rootStore.user.data?.id;`
[WEB-3964] refactor: permission layer (#7094) * refactor: permission layer * refactor: add original_role to project member serializer * chore: minor fixes related to permission layer * fix: strict type checking while checking user permissions 2025-05-30 19:57:07 +05:30			`const currentUserRole = rootStore.user.permission.getProjectRoleByWorkspaceSlugAndProjectId(workspaceSlug, projectId);`
[WEB-3597] fix: guest work item view access when hyper mode is enabled (#6785) * [WEB-3597] fix: guest work item view access when hyper mode is enabled * fix: only show work item created by the guest user if the guest_view_all_features is disabled 2025-03-20 19:43:40 +05:30
			`// Only apply this restriction for guests when guest_view_all_features is disabled`
			`if (`
			`currentUserId &&`
			`currentUserRole === EUserPermissions.GUEST &&`
			`currentProject?.guest_view_all_features === false`
			`) {`
			`// Sanitize the created_by filter if it doesn't exist or if it exists and includes the current user id`
			`const existingCreatedByFilter = queries?.created_by;`
			`const shouldApplyFilter =`
			`!existingCreatedByFilter \|\|`
			`(typeof existingCreatedByFilter === "string" && existingCreatedByFilter.includes(currentUserId));`

			`if (shouldApplyFilter) {`
			`queries = {`
			`...queries,`
			`created_by: currentUserId,`
			`};`
			`}`
			`}`

			`return queries;`
			`};`