validating data

José Salazar
2025-12-03 13:35:20 -05:00
parent 269019e588
commit ef88639463
4 changed files with 56 additions and 48 deletions


@@ -22,7 +22,7 @@ const authModule = {
// (because your Krow user metadata is stored in the "users" table)
let krowUser = null;
try {
const response = await dcSdk.getUser(dataConnect, { id: fbUser.uid });
const response = await dcSdk.getUserById(dataConnect, { id: fbUser.uid });
krowUser = response.data?.user || null;
} catch (err) {
console.warn("Krow user not found in DataConnect, returning Firebase-only info.");
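Review bot: The `catch` around the renamed `dcSdk.getUserById` call discards `err` and reports every failure as "user not found", so a wrong operation name, a permission denial or a network error looks the same as a missing row and the caller silently falls back to Firebase-only info. Since this commit changes which operation is called, I would at least log the error, `console.warn("Krow user lookup failed, returning Firebase-only info.", err);`, and consider rethrowing anything that is not a genuine not-found result. The enclosing function starts and ends outside the hunk, so how callers treat a null `krowUser` (for example in role checks) cannot be confirmed from here.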


@@ -1,5 +1,5 @@
import React from "react";
import { base44 } from "@/api/base44Client";
import { krowSDK } from "@/api/krowSDK";
import { useMutation, useQueryClient, useQuery } from "@tanstack/react-query";
import { useNavigate } from "react-router-dom";
import { createPageUrl } from "@/utils";
@@ -21,17 +21,17 @@ export default function CreateEvent() {
const { data: currentUser } = useQuery({
queryKey: ['current-user-create-event'],
queryFn: () => base44.auth.me(),
queryFn: () => krowSDK.auth.me(),
});
const { data: allEvents = [] } = useQuery({
queryKey: ['events-for-conflict-check'],
queryFn: () => base44.entities.Event.list(),
queryFn: () => krowSDK.entities.Event.list(),
initialData: [],
});
const createEventMutation = useMutation({
mutationFn: (eventData) => base44.entities.Event.create(eventData),
mutationFn: (eventData) => krowSDK.entities.Event.create(eventData),
onSuccess: () => {
queryClient.invalidateQueries({ queryKey: ['events'] });
queryClient.invalidateQueries({ queryKey: ['client-events'] });
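Review bot: `allEvents` now takes whatever `krowSDK.entities.Event.list()` resolves to, yet the Teams change in this same commit has to unwrap `result?.data?.teams`, which suggests the new SDK returns an envelope rather than an array. If `Event.list()` has the same shape, the `= []` default and `initialData: []` do not help, and the conflict check receives an object instead of a list. I would unwrap inside the `queryFn`, along the lines of `const result = await krowSDK.entities.Event.list(); return result?.data?.EVENTS_KEY ?? [];`, where `EVENTS_KEY` is a placeholder for the field the SDK actually returns. The same question applies to `TeamMember.list`, `TeamMemberInvite.list`, `TeamHub.list` and `Staff.list` on the Teams page, where `.filter` is called directly on the result.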


@@ -1,5 +1,5 @@
import React, { useState, useEffect } from "react";
import { base44 } from "@/api/base44Client";
import { krowSDK } from "@/api/krowSDK";
import { useQuery, useMutation, useQueryClient } from "@tanstack/react-query";
import { Link, useNavigate } from "react-router-dom";
import { createPageUrl } from "@/utils";
@@ -79,7 +79,7 @@ export default function Teams() {
const { data: user } = useQuery({
queryKey: ['current-user-teams'],
queryFn: () => base44.auth.me(),
queryFn: () => krowSDK.auth.me(),
});
const userRole = user?.user_role || user?.role;
@@ -100,7 +100,7 @@ export default function Teams() {
*/
const { data: userTeam } = useQuery({
queryKey: ['user-team', user?.id, userRole],
queryFn: async () => {
queryFn: async () => {debugger;
if (!user?.id) {
console.warn("⚠️ No user ID found - cannot fetch team");
return null;
@@ -108,13 +108,15 @@ export default function Teams() {
// SECURITY: Fetch ALL teams and filter by owner_id
// This ensures only THIS user's team is returned
const allTeams = await base44.entities.Team.list('-created_date');
const result = await krowSDK.entities.Team.list('-created_date');
const allTeams = result?.data?.teams ?? [];//new, get array from object
// Find ONLY teams owned by this specific user
let team = allTeams.find(t => t.owner_id === user.id);
debugger;
// ISOLATION VERIFICATION
if (team && team.owner_id !== user.id) {
if (team && team.ownerId !== user.id) {//it had team.owner_id I changed it to team.ownerId
console.error("🚨 SECURITY VIOLATION: Team owner mismatch!");
return null;
}
@@ -122,23 +124,29 @@ export default function Teams() {
// Auto-create team if doesn't exist (first time user accesses Teams)
if (!team && user.id) {
console.log(`✅ Creating new isolated team for ${userRole} user: ${user.email}`);
const teamName = user.company_name || `${user.full_name}'s Team` || "My Team";
team = await base44.entities.Team.create({
team_name: teamName,
owner_id: user.id, // CRITICAL: Links team to THIS user only
owner_name: user.full_name || user.email,
owner_role: userRole, // Tracks which layer this team belongs to
email: user.email,
phone: user.phone || "",
total_members: 0,
active_members: 0,
total_hubs: 0,
favorite_staff_count: 0,
blocked_staff_count: 0,
departments: [], // Initialize with an empty array for departments
});
const teamName = user.companyName || `${user.fullName}'s Team` || "My Team";
try {
team = await krowSDK.entities.Team.create({
data: {
teamName: teamName,
ownerId: user.id, // CRITICAL: Links team to THIS user only
ownerName: user.fullName || user.email,
ownerRole: userRole, // Tracks which layer this team belongs to
//email: user.email,
//phone: user.phone || "",
//totalMembers: 0,
//active_members: 0,
//total_hubs: 0,
favoriteStaff: 0,//favoriteStaff_count: 0,
blockedStaff: 0,//blockedStaff_count: 0,
//departments: [], // Initialize with an empty array for departments
}
});
} catch (err) {
console.log('🔥 Error in user-team queryFn:', err);
throw err; // deja que React Query lo maneje como error
}
console.log(`✅ Team created successfully for ${userRole}: ${team.id}`);
}
@@ -177,7 +185,7 @@ export default function Teams() {
}
// Fetch all members and filter by team_id
const allMembers = await base44.entities.TeamMember.list('-created_date');
const allMembers = await krowSDK.entities.TeamMember.list('-created_date');
// SECURITY: Only return members that belong to THIS user's team
const filteredMembers = allMembers.filter(m => m.team_id === userTeam.id);
@@ -202,7 +210,7 @@ export default function Teams() {
queryKey: ['team-invites', userTeam?.id],
queryFn: async () => {
if (!userTeam?.id) return [];
const allInvites = await base44.entities.TeamMemberInvite.list('-invited_date');
const allInvites = await krowSDK.entities.TeamMemberInvite.list('-invited_date');
return allInvites.filter(inv => inv.team_id === userTeam.id && inv.invite_status === 'pending');
},
enabled: !!userTeam?.id,
@@ -211,7 +219,7 @@ export default function Teams() {
const { data: allStaff = [] } = useQuery({
queryKey: ['staff-for-favorites'],
queryFn: () => base44.entities.Staff.list(),
queryFn: () => krowSDK.entities.Staff.list(),
enabled: !!userTeam?.id,
initialData: [],
});
@@ -220,7 +228,7 @@ export default function Teams() {
queryKey: ['team-hubs-main', userTeam?.id],
queryFn: async () => {
if (!userTeam?.id) return [];
const allHubs = await base44.entities.TeamHub.list('-created_date');
const allHubs = await krowSDK.entities.TeamHub.list('-created_date');
return allHubs.filter(h => h.team_id === userTeam.id);
},
enabled: !!userTeam?.id,
@@ -251,7 +259,7 @@ export default function Teams() {
const firstHub = teamHubs.length > 0 ? teamHubs[0].hub_name : "";
const firstDept = uniqueDepartments.length > 0 ? uniqueDepartments[0] : "Operations";
const invite = await base44.entities.TeamMemberInvite.create({
const invite = await krowSDK.entities.TeamMemberInvite.create({
team_id: userTeam.id,
team_name: userTeam.team_name || "Team",
invite_code: inviteCode,
@@ -295,7 +303,7 @@ export default function Teams() {
if (data.hub && !existingHub) {
// Create new hub with department
await base44.entities.TeamHub.create({
await krowSDK.entities.TeamHub.create({
team_id: userTeam.id,
hub_name: data.hub,
address: "",
@@ -309,7 +317,7 @@ export default function Teams() {
const departmentExists = hubDepartments.some(d => d.department_name === data.department);
if (!departmentExists) {
await base44.entities.TeamHub.update(existingHub.id, {
await krowSDK.entities.TeamHub.update(existingHub.id, {
departments: [...hubDepartments, { department_name: data.department, cost_center: "" }]
});
queryClient.invalidateQueries({ queryKey: ['team-hubs-main', userTeam?.id] });
@@ -318,7 +326,7 @@ export default function Teams() {
const inviteCode = `TEAM-${Math.floor(10000 + Math.random() * 90000)}`;
const invite = await base44.entities.TeamMemberInvite.create({
const invite = await krowSDK.entities.TeamMemberInvite.create({
team_id: userTeam.id,
team_name: userTeam.team_name || "Team",
invite_code: inviteCode,
@@ -335,7 +343,7 @@ export default function Teams() {
const registerUrl = `${window.location.origin}${createPageUrl('Onboarding')}?invite=${inviteCode}`;
await base44.integrations.Core.SendEmail({
await krowSDK.integrations.Core.SendEmail({
from_name: userTeam.team_name || "KROW",
to: data.email,
subject: `🚀 Welcome to KROW! You've been invited to ${data.hub || userTeam.team_name}`,
@@ -439,7 +447,7 @@ export default function Teams() {
mutationFn: async (invite) => {
const registerUrl = `${window.location.origin}${createPageUrl('Onboarding')}?invite=${invite.invite_code}`;
await base44.integrations.Core.SendEmail({
await krowSDK.integrations.Core.SendEmail({
from_name: userTeam.team_name || "Team",
to: invite.email,
subject: `Reminder: You're invited to join ${userTeam.team_name || 'our team'}!`,
@@ -501,7 +509,7 @@ export default function Teams() {
});
const updateMemberMutation = useMutation({
mutationFn: ({ id, data }) => base44.entities.TeamMember.update(id, data),
mutationFn: ({ id, data }) => krowSDK.entities.TeamMember.update(id, data),
onSuccess: () => {
queryClient.invalidateQueries({ queryKey: ['team-members', userTeam?.id] });
setShowEditMemberDialog(false);
@@ -514,7 +522,7 @@ export default function Teams() {
});
const deactivateMemberMutation = useMutation({
mutationFn: ({ id }) => base44.entities.TeamMember.update(id, { is_active: false }),
mutationFn: ({ id }) => krowSDK.entities.TeamMember.update(id, { is_active: false }),
onSuccess: () => {
queryClient.invalidateQueries({ queryKey: ['team-members', userTeam?.id] });
toast({
@@ -525,7 +533,7 @@ export default function Teams() {
});
const activateMemberMutation = useMutation({
mutationFn: ({ id }) => base44.entities.TeamMember.update(id, { is_active: true }),
mutationFn: ({ id }) => krowSDK.entities.TeamMember.update(id, { is_active: true }),
onSuccess: () => {
queryClient.invalidateQueries({ queryKey: ['team-members', userTeam?.id] });
toast({
@@ -607,7 +615,7 @@ export default function Teams() {
}
// Update the team with new departments list
await base44.entities.Team.update(userTeam.id, {
await krowSDK.entities.Team.update(userTeam.id, {
departments: updatedDepartments
});
@@ -638,7 +646,7 @@ export default function Teams() {
const currentDepartments = userTeam.departments || [];
const updatedDepartments = currentDepartments.filter(dept => dept !== deptToDelete);
await base44.entities.Team.update(userTeam.id, {
await krowSDK.entities.Team.update(userTeam.id, {
departments: updatedDepartments
});
@@ -658,7 +666,7 @@ export default function Teams() {
};
const updateTeamMutation = useMutation({
mutationFn: ({ id, data }) => base44.entities.Team.update(id, data),
mutationFn: ({ id, data }) => krowSDK.entities.Team.update(id, data),
onSuccess: () => {
queryClient.invalidateQueries({ queryKey: ['user-team', user?.id, userRole] });
toast({
@@ -761,7 +769,7 @@ export default function Teams() {
}, [isGoogleMapsLoaded, showAddHubDialog]);
const createHubMutation = useMutation({
mutationFn: (hubData) => base44.entities.TeamHub.create({
mutationFn: (hubData) => krowSDK.entities.TeamHub.create({
...hubData,
team_id: userTeam.id,
is_active: true
@@ -2370,14 +2378,14 @@ export default function Teams() {
size="lg"
onClick={async () => {
const updatedDepartments = [...(selectedHubForDept.departments || []), newHubDepartment];
await base44.entities.TeamHub.update(selectedHubForDept.id, {
await krowSDK.entities.TeamHub.update(selectedHubForDept.id, {
departments: updatedDepartments
});
// Also add department to team's global department list
const teamDepartments = userTeam?.departments || [];
if (!teamDepartments.includes(newHubDepartment.department_name)) {
await base44.entities.Team.update(userTeam.id, {
await krowSDK.entities.Team.update(userTeam.id, {
departments: [...teamDepartments, newHubDepartment.department_name]
});
queryClient.invalidateQueries({ queryKey: ['user-team', user?.id, userRole] });
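Review bot: In the `user-team` query the lookup still reads `allTeams.find(t => t.owner_id === user.id)`, while the new isolation check compares `team.ownerId` and the new create payload writes `ownerId`. If krowSDK returns camelCase fields, the lookup never matches, so the isolation check never runs and the auto-create branch adds another team each time the query executes; the lookup should become `let team = allTeams.find(t => t.ownerId === user.id);`. The later `m.team_id`, `inv.team_id` and `h.team_id` filters look exposed to the same mismatch. The two `debugger;` statements (one on the `queryFn: async () => {` line, one before the isolation check) should be removed before merge. Separately, listing every team and filtering in the browser is not an access control, because the client still receives all teams; the owner restriction needs to be enforced by the backend query or its authorization rules, which this page does not show.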