Allowing teammates to see emails (#206)

Author: fforres

src/authz/helpers.ts

@@ -44,6 +44,27 @@ export const isSuperAdminOrSelf = (root: USER, ctx: Context) => {
   return ctx.USER?.isSuperAdmin || ctx.USER?.id === root.id;
 };
 
+export const areUsersOnSameTeam = async (root: USER, ctx: Context) => {
+  const currentUserId = ctx.USER?.id;
+
+  if (!currentUserId) {
+    return false;
+  }
+
+  const teams = await ctx.DB.query.userTeamsSchema.findMany({
+    where: (uts, { eq, or }) =>
+      or(eq(uts.userId, root.id), eq(uts.userId, currentUserId)),
+  });
+
+  if (teams.length !== 2) {
+    return false;
+  }
+
+  const [user1, user2] = teams;
+
+  return user1.teamId === user2.teamId;
+};
+
 export const authHelpers = {
   isCommuntiyAdmin,
   isOwnerOfPurchaseOrder,

src/schema/user/types.ts

@@ -1,4 +1,4 @@
-import { isSuperAdminOrSelf } from "~/authz/helpers";
+import { areUsersOnSameTeam, isSuperAdminOrSelf } from "~/authz/helpers";
 import { builder } from "~/builder";
 import {
   AllowedUserTags,
@@ -33,10 +33,14 @@ builder.objectType(UserRef, {
     email: t.field({
       type: "String",
       nullable: true,
-      resolve: (root, args, ctx) => {
+      resolve: async (root, args, ctx) => {
         if (isSuperAdminOrSelf(root, ctx)) {
           return root.email;
         }
+
+        if (await areUsersOnSameTeam(root, ctx)) {
+          return root.email;
+        }
       },
     }),
     teams: t.field({