fix(auth): include legacy role column in getRoles query

The superadmin role was stored in the users.role column, but getRoles()
only checked the user_roles table. It now uses a UNION query that
combines both sources for backward compatibility.

Fixes 403 Forbidden on /api/v1/users for admin users.
Tiago Yamamoto 2025-12-25 23:20:22 -03:00
parent 14af54ec39
commit 01aca8971b


@ -162,7 +162,14 @@ func (r *UserRepository) Delete(ctx context.Context, id string) error {
}
func (r *UserRepository) getRoles(ctx context.Context, userID string) ([]entity.Role, error) {
rows, err := r.db.QueryContext(ctx, `SELECT role FROM user_roles WHERE user_id = $1`, userID)
// Query both user_roles table AND legacy role column from users table
// This ensures backward compatibility with users who have role set in users.role
query := `
SELECT role FROM user_roles WHERE user_id = $1
UNION
SELECT role FROM users WHERE id = $1 AND role IS NOT NULL AND role != ''
`
rows, err := r.db.QueryContext(ctx, query, userID)
if err != nil {
return nil, err
}
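Review bot: The second branch of the UNION (`SELECT role FROM users WHERE id = $1 AND role IS NOT NULL AND role != ''`) makes users.role an authorization source on equal footing with user_roles, and nothing in the hunk records what that implies. Deleting a row from user_roles no longer revokes a role that is still present in the legacy column. Any code path that can write users.role would presumably now grant that role, including superadmin; the writers of that column are not visible here, so confirm they are restricted to admin-only operations. I would state this at the query, e.g. `// SECURITY: users.role is authoritative for authorization; revocation must clear both sources and writes to this column must be admin-only.`, and add a test that a user whose role was revoked in both places gets an empty result. The rest of getRoles (row scanning and closing) lies outside the hunk and was not reviewed.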