bitforge/orchard
3
0
Fork 0
Code Projects Wiki Activity

Fix team members not seeing private projects in listings

Browse Source 
The list_projects endpoint was only showing projects that were public or
created by the user. Updated to also include projects belonging to teams
where the user is a member.

This allows team members to see private projects in the main project
listing, not just on the team dashboard.
This commit is contained in:
Mondo Diaz
2026-01-28 00:14:16 +00:00
parent 053d45add1
commit da6af4ae71
1 changed files with 35 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
backend/app/routes.py
View File

@@ -1450,15 +1450,46 @@ def list_projects(
) )
# Base query - filter by access # Base query - filter by access
query = db.query(Project).filter( # Users can see projects that are:
or_(Project.is_public == True, Project.created_by == user_id) # 1. Public
) # 2. Created by them
# 3. Belong to a team they're a member of
if current_user:
# Get team IDs where user is a member
user_team_ids = db.query(TeamMembership.team_id).filter(
TeamMembership.user_id == current_user.id
).subquery()
query = db.query(Project).filter(
or_(
Project.is_public == True,
Project.created_by == user_id,
Project.team_id.in_(user_team_ids)
)
)
else:
# Anonymous users only see public projects
query = db.query(Project).filter(Project.is_public == True)
# Apply visibility filter # Apply visibility filter
if visibility == "public": if visibility == "public":
query = query.filter(Project.is_public == True) query = query.filter(Project.is_public == True)
elif visibility == "private": elif visibility == "private":
query = query.filter(Project.is_public == False, Project.created_by == user_id) if current_user:
# Get team IDs where user is a member (for private filter)
user_team_ids_for_private = db.query(TeamMembership.team_id).filter(
TeamMembership.user_id == current_user.id
).subquery()
query = query.filter(
Project.is_public == False,
or_(
Project.created_by == user_id,
Project.team_id.in_(user_team_ids_for_private)
)
)
else:
# Anonymous users can't see private projects
query = query.filter(False)
# Apply search filter (case-insensitive on name and description) # Apply search filter (case-insensitive on name and description)
if search: if search: