From ef88639463665fdc9455924e19f9844f132de114 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Salazar?= <73718835+joshrs23@users.noreply.github.com> Date: Wed, 3 Dec 2025 13:35:20 -0500 Subject: [PATCH] validating data --- ...=> dataconnect-naming-and-enum-findings.md | 0 frontend-web/src/api/krowSDK.js | 2 +- frontend-web/src/pages/CreateEvent.jsx | 8 +- frontend-web/src/pages/Teams.jsx | 94 ++++++++++--------- 4 files changed, 56 insertions(+), 48 deletions(-) rename frontend-web/dataconnect-naming-and-enum-findings.md => dataconnect-naming-and-enum-findings.md (100%) diff --git a/frontend-web/dataconnect-naming-and-enum-findings.md b/dataconnect-naming-and-enum-findings.md similarity index 100% rename from frontend-web/dataconnect-naming-and-enum-findings.md rename to dataconnect-naming-and-enum-findings.md diff --git a/frontend-web/src/api/krowSDK.js b/frontend-web/src/api/krowSDK.js index f1923ce8..61ad8b43 100644 --- a/frontend-web/src/api/krowSDK.js +++ b/frontend-web/src/api/krowSDK.js @@ -22,7 +22,7 @@ const authModule = { // (because your Krow user metadata is stored in the "users" table) let krowUser = null; try { - const response = await dcSdk.getUser(dataConnect, { id: fbUser.uid }); + const response = await dcSdk.getUserById(dataConnect, { id: fbUser.uid }); krowUser = response.data?.user || null; } catch (err) { console.warn("Krow user not found in DataConnect, returning Firebase-only info."); diff --git a/frontend-web/src/pages/CreateEvent.jsx b/frontend-web/src/pages/CreateEvent.jsx index 3f90b174..78cdaee4 100644 --- a/frontend-web/src/pages/CreateEvent.jsx +++ b/frontend-web/src/pages/CreateEvent.jsx @@ -1,5 +1,5 @@ import React from "react"; -import { base44 } from "@/api/base44Client"; +import { krowSDK } from "@/api/krowSDK"; import { useMutation, useQueryClient, useQuery } from "@tanstack/react-query"; import { useNavigate } from "react-router-dom"; import { createPageUrl } from "@/utils"; 
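Review bot: In `frontend-web/src/api/krowSDK.js`, the `catch (err)` around the renamed `dcSdk.getUserById` call treats every failure as "user not found" and never logs `err`, so a permission or network error looks the same as a missing row. The caller then presumably gets Firebase-only info without the Krow role fields that Teams.jsx reads via `user?.user_role || user?.role`. I would at least log the cause, `console.warn("Krow user lookup failed:", err);`, and fall back only when the lookup really returned no user. The enclosing `authModule` method starts and ends outside the hunk.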
@@ -21,17 +21,17 @@ export default function CreateEvent() { const { data: currentUser } = useQuery({ queryKey: ['current-user-create-event'], - queryFn: () => base44.auth.me(), + queryFn: () => krowSDK.auth.me(), }); const { data: allEvents = [] } = useQuery({ queryKey: ['events-for-conflict-check'], - queryFn: () => base44.entities.Event.list(), + queryFn: () => krowSDK.entities.Event.list(), initialData: [], }); const createEventMutation = useMutation({ - mutationFn: (eventData) => base44.entities.Event.create(eventData), + mutationFn: (eventData) => krowSDK.entities.Event.create(eventData), onSuccess: () => { queryClient.invalidateQueries({ queryKey: ['events'] }); queryClient.invalidateQueries({ queryKey: ['client-events'] }); diff --git a/frontend-web/src/pages/Teams.jsx b/frontend-web/src/pages/Teams.jsx index acd931e7..8a4c3d90 100644 --- a/frontend-web/src/pages/Teams.jsx +++ b/frontend-web/src/pages/Teams.jsx @@ -1,5 +1,5 @@ import React, { useState, useEffect } from "react"; -import { base44 } from "@/api/base44Client"; +import { krowSDK } from "@/api/krowSDK"; import { useQuery, useMutation, useQueryClient } from "@tanstack/react-query"; import { Link, useNavigate } from "react-router-dom"; import { createPageUrl } from "@/utils"; @@ -79,7 +79,7 @@ export default function Teams() { const { data: user } = useQuery({ queryKey: ['current-user-teams'], - queryFn: () => base44.auth.me(), + queryFn: () => krowSDK.auth.me(), }); const userRole = user?.user_role || user?.role; @@ -100,7 +100,7 @@ export default function Teams() { */ const { data: userTeam } = useQuery({ queryKey: ['user-team', user?.id, userRole], - queryFn: async () => { + queryFn: async () => {debugger; if (!user?.id) { console.warn("⚠️ No user ID found - cannot fetch team"); return null; 
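Review bot: The new `queryFn: async () => {debugger;` in the `user-team` query of Teams.jsx commits a `debugger` statement, and the following hunk (`@@ -108,13 +108,15 @@`) adds a second `debugger;` just before the isolation check. With devtools open, both halt the page in the middle of the ownership logic, so the line should go back to `queryFn: async () => {` and the second statement should be removed. ESLint's `no-debugger` rule would catch this before merge. The queryFn body continues past the end of this hunk.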
@@ -108,13 +108,15 @@ export default function Teams() { // SECURITY: Fetch ALL teams and filter by owner_id // This ensures only THIS user's team is returned - const allTeams = await base44.entities.Team.list('-created_date'); - + const result = await krowSDK.entities.Team.list('-created_date'); + + const allTeams = result?.data?.teams ?? [];//new, get array from object + // Find ONLY teams owned by this specific user let team = allTeams.find(t => t.owner_id === user.id); - + debugger; // ISOLATION VERIFICATION - if (team && team.owner_id !== user.id) { + if (team && team.ownerId !== user.id) {//it had team.owner_id I changed it to team.ownerId console.error("🚨 SECURITY VIOLATION: Team owner mismatch!"); return null; } 
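Review bot: The ownership lookup and the isolation guard now read different fields: `allTeams.find(t => t.owner_id === user.id)` is unchanged, while the guard became `team.ownerId !== user.id`. If the DataConnect rows are camelCase, `find` never matches and the code falls through to auto-creating a team on every load; if they are snake_case, the guard always fires and returns null. Use one field in both places, presumably `allTeams.find(t => t.ownerId === user.id)`. Separately, listing every team and filtering in the browser is not isolation, because the full list has already reached the client; the owner filter needs to be enforced in the query or backend rules. The queryFn starts before and ends after this hunk.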
@@ -122,23 +124,29 @@ export default function Teams() { // Auto-create team if doesn't exist (first time user accesses Teams) if (!team && user.id) { console.log(`✅ Creating new isolated team for ${userRole} user: ${user.email}`); - const teamName = user.company_name || `${user.full_name}'s Team` || "My Team"; - - team = await base44.entities.Team.create({ - team_name: teamName, - owner_id: user.id, // CRITICAL: Links team to THIS user only - owner_name: user.full_name || user.email, - owner_role: userRole, // Tracks which layer this team belongs to - email: user.email, - phone: user.phone || "", - total_members: 0, - active_members: 0, - total_hubs: 0, - favorite_staff_count: 0, - blocked_staff_count: 0, - departments: [], // Initialize with an empty array for departments - }); - + const teamName = user.companyName || `${user.fullName}'s Team` || "My Team"; + try { + team = await krowSDK.entities.Team.create({ + data: { + teamName: teamName, + ownerId: user.id, // CRITICAL: Links team to THIS user only + ownerName: user.fullName || user.email, + ownerRole: userRole, // Tracks which layer this team belongs to + //email: user.email, + //phone: user.phone || "", + //totalMembers: 0, + //active_members: 0, + //total_hubs: 0, + favoriteStaff: 0,//favoriteStaff_count: 0, + blockedStaff: 0,//blockedStaff_count: 0, + //departments: [], // Initialize with an empty array for departments + } + + }); + } catch (err) { + console.log('🔥 Error in user-team queryFn:', err); + throw err; // deja que React Query lo maneje como error + } console.log(`✅ Team created successfully for ${userRole}: ${team.id}`); } 
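Review bot: The result of `krowSDK.entities.Team.create(...)` is assigned straight to `team`, while the previous hunk had to unwrap `Team.list` through `result?.data?.teams`. If create returns the same envelope, `team.id` is undefined in the success log and in every later `userTeam.id` comparison. Unwrap the created record before using it; the exact key is not visible here, so confirm it against krowSDK. `ownerId` and `ownerRole` are also taken from client state, so the backend mutation should bind the owner to the authenticated uid rather than trust these values. In the catch, `console.error` fits better than `console.log`, and the comment reads better in English: `// let React Query surface this as an error`.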
@@ -177,7 +185,7 @@ export default function Teams() { } // Fetch all members and filter by team_id - const allMembers = await base44.entities.TeamMember.list('-created_date'); + const allMembers = await krowSDK.entities.TeamMember.list('-created_date'); // SECURITY: Only return members that belong to THIS user's team const filteredMembers = allMembers.filter(m => m.team_id === userTeam.id); @@ -202,7 +210,7 @@ export default function Teams() { queryKey: ['team-invites', userTeam?.id], queryFn: async () => { if (!userTeam?.id) return []; - const allInvites = await base44.entities.TeamMemberInvite.list('-invited_date'); + const allInvites = await krowSDK.entities.TeamMemberInvite.list('-invited_date'); return allInvites.filter(inv => inv.team_id === userTeam.id && inv.invite_status === 'pending'); }, enabled: !!userTeam?.id, @@ -211,7 +219,7 @@ export default function Teams() { const { data: allStaff = [] } = useQuery({ queryKey: ['staff-for-favorites'], - queryFn: () => base44.entities.Staff.list(), + queryFn: () => krowSDK.entities.Staff.list(), enabled: !!userTeam?.id, initialData: [], }); @@ -220,7 +228,7 @@ export default function Teams() { queryKey: ['team-hubs-main', userTeam?.id], queryFn: async () => { if (!userTeam?.id) return []; - const allHubs = await base44.entities.TeamHub.list('-created_date'); + const allHubs = await krowSDK.entities.TeamHub.list('-created_date'); return allHubs.filter(h => h.team_id === userTeam.id); }, enabled: !!userTeam?.id, @@ -251,7 +259,7 @@ export default function Teams() { const firstHub = teamHubs.length > 0 ? teamHubs[0].hub_name : ""; const firstDept = uniqueDepartments.length > 0 ? uniqueDepartments[0] : "Operations"; - const invite = await base44.entities.TeamMemberInvite.create({ + const invite = await krowSDK.entities.TeamMemberInvite.create({ team_id: userTeam.id, team_name: userTeam.team_name || "Team", invite_code: inviteCode, 
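Review bot: `allMembers.filter(...)`, `allInvites.filter(...)` and `allHubs.filter(...)` are called directly on what `krowSDK.entities.*.list()` returns, yet the `user-team` query in this same commit had to unwrap `result?.data?.teams` to get an array. If these list calls return the same envelope, each queryFn throws a TypeError. The filters also still compare snake_case `team_id` and `invite_status`, while the team code moved to camelCase. Unwrap each result first, e.g. `const allMembers = result?.data?.<listKey> ?? [];` with the key confirmed against the SDK, and align the field names. As with teams, these filters run after the full member, invite and hub lists have reached the browser, so they are not an access control on their own.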
@@ -295,7 +303,7 @@ export default function Teams() { if (data.hub && !existingHub) { // Create new hub with department - await base44.entities.TeamHub.create({ + await krowSDK.entities.TeamHub.create({ team_id: userTeam.id, hub_name: data.hub, address: "", @@ -309,7 +317,7 @@ export default function Teams() { const departmentExists = hubDepartments.some(d => d.department_name === data.department); if (!departmentExists) { - await base44.entities.TeamHub.update(existingHub.id, { + await krowSDK.entities.TeamHub.update(existingHub.id, { departments: [...hubDepartments, { department_name: data.department, cost_center: "" }] }); queryClient.invalidateQueries({ queryKey: ['team-hubs-main', userTeam?.id] }); @@ -318,7 +326,7 @@ export default function Teams() { const inviteCode = `TEAM-${Math.floor(10000 + Math.random() * 90000)}`; - const invite = await base44.entities.TeamMemberInvite.create({ + const invite = await krowSDK.entities.TeamMemberInvite.create({ team_id: userTeam.id, team_name: userTeam.team_name || "Team", invite_code: inviteCode, @@ -335,7 +343,7 @@ export default function Teams() { const registerUrl = `${window.location.origin}${createPageUrl('Onboarding')}?invite=${inviteCode}`; - await base44.integrations.Core.SendEmail({ + await krowSDK.integrations.Core.SendEmail({ from_name: userTeam.team_name || "KROW", to: data.email, subject: `🚀 Welcome to KROW! You've been invited to ${data.hub || userTeam.team_name}`, @@ -439,7 +447,7 @@ export default function Teams() { mutationFn: async (invite) => { const registerUrl = `${window.location.origin}${createPageUrl('Onboarding')}?invite=${invite.invite_code}`; - await base44.integrations.Core.SendEmail({ + await krowSDK.integrations.Core.SendEmail({ from_name: userTeam.team_name || "Team", to: invite.email, subject: `Reminder: You're invited to join ${userTeam.team_name || 'our team'}!`, 
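Review bot: The invite code shown as context in the `@@ -318,7 +326,7 @@` hunk is built from `Math.floor(10000 + Math.random() * 90000)`, which is only 90,000 possible values from a non-cryptographic generator. In these hunks it is the only secret carried by the `?invite=` onboarding link. This commit moves the invite and e-mail calls to krowSDK without changing that, so codes can collide and are not suitable as a bearer token. Derive the code from a CSPRNG such as `crypto.randomUUID()` or `crypto.getRandomValues`, and have the backend treat invites as single-use with an expiry. The surrounding mutation starts and ends outside these hunks.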
@@ -501,7 +509,7 @@ export default function Teams() { }); const updateMemberMutation = useMutation({ - mutationFn: ({ id, data }) => base44.entities.TeamMember.update(id, data), + mutationFn: ({ id, data }) => krowSDK.entities.TeamMember.update(id, data), onSuccess: () => { queryClient.invalidateQueries({ queryKey: ['team-members', userTeam?.id] }); setShowEditMemberDialog(false); @@ -514,7 +522,7 @@ export default function Teams() { }); const deactivateMemberMutation = useMutation({ - mutationFn: ({ id }) => base44.entities.TeamMember.update(id, { is_active: false }), + mutationFn: ({ id }) => krowSDK.entities.TeamMember.update(id, { is_active: false }), onSuccess: () => { queryClient.invalidateQueries({ queryKey: ['team-members', userTeam?.id] }); toast({ @@ -525,7 +533,7 @@ export default function Teams() { }); const activateMemberMutation = useMutation({ - mutationFn: ({ id }) => base44.entities.TeamMember.update(id, { is_active: true }), + mutationFn: ({ id }) => krowSDK.entities.TeamMember.update(id, { is_active: true }), onSuccess: () => { queryClient.invalidateQueries({ queryKey: ['team-members', userTeam?.id] }); toast({ @@ -607,7 +615,7 @@ export default function Teams() { } // Update the team with new departments list - await base44.entities.Team.update(userTeam.id, { + await krowSDK.entities.Team.update(userTeam.id, { departments: updatedDepartments }); @@ -638,7 +646,7 @@ export default function Teams() { const currentDepartments = userTeam.departments || []; const updatedDepartments = currentDepartments.filter(dept => dept !== deptToDelete); - await base44.entities.Team.update(userTeam.id, { + await krowSDK.entities.Team.update(userTeam.id, { departments: updatedDepartments }); 
@@ -658,7 +666,7 @@ export default function Teams() { }; const updateTeamMutation = useMutation({ - mutationFn: ({ id, data }) => base44.entities.Team.update(id, data), + mutationFn: ({ id, data }) => krowSDK.entities.Team.update(id, data), onSuccess: () => { queryClient.invalidateQueries({ queryKey: ['user-team', user?.id, userRole] }); toast({ @@ -761,7 +769,7 @@ export default function Teams() { }, [isGoogleMapsLoaded, showAddHubDialog]); const createHubMutation = useMutation({ - mutationFn: (hubData) => base44.entities.TeamHub.create({ + mutationFn: (hubData) => krowSDK.entities.TeamHub.create({ ...hubData, team_id: userTeam.id, is_active: true @@ -2370,14 +2378,14 @@ export default function Teams() { size="lg" onClick={async () => { const updatedDepartments = [...(selectedHubForDept.departments || []), newHubDepartment]; - await base44.entities.TeamHub.update(selectedHubForDept.id, { + await krowSDK.entities.TeamHub.update(selectedHubForDept.id, { departments: updatedDepartments }); // Also add department to team's global department list const teamDepartments = userTeam?.departments || []; if (!teamDepartments.includes(newHubDepartment.department_name)) { - await base44.entities.Team.update(userTeam.id, { + await krowSDK.entities.Team.update(userTeam.id, { departments: [...teamDepartments, newHubDepartment.department_name] }); queryClient.invalidateQueries({ queryKey: ['user-team', user?.id, userRole] });