From faa25b3f7e13ca8532b5321016245177ed3f5bae Mon Sep 17 00:00:00 2001
From: Chris Brame
Date: Sun, 22 Dec 2019 21:26:01 -0500
Subject: [PATCH] fix(reports): invalid group reporting. #290
---
 src/controllers/api/v1/reports.js | 107 ++++++++++++++++++++++--------
 1 file changed, 78 insertions(+), 29 deletions(-)
diff --git a/src/controllers/api/v1/reports.js b/src/controllers/api/v1/reports.js
index 7d97a5ee0..7be432724 100644
--- a/src/controllers/api/v1/reports.js
+++ b/src/controllers/api/v1/reports.js
@@ -156,10 +156,19 @@ apiReports.generate.ticketsByPriority = function (req, res) {
 [
 function (done) {
 if (_.includes(postData.groups, '-1')) {
- groupSchema.getAllGroupsNoPopulate(function (err, grps) {
- if (err) return done(err)
- return done(null, grps)
- })
+ if (req.user.role.isAdmin || req.user.role.isAgent) {
+ groupSchema.getAllGroupsNoPopulate(function (err, grps) {
+ if (err) return done(err)
+
+ return done(null, grps)
+ })
+ } else {
+ groupSchema.getAllGroupsOfUser(req.user._id, function (err, grps) {
+ if (err) return done(err)
+
+ return done(null, grps)
+ })
+ }
 } else {
 return done(null, postData.groups)
 }
@@ -232,11 +241,19 @@ apiReports.generate.ticketsByStatus = function (req, res) {
 [
 function (done) {
 if (_.includes(postData.groups, '-1')) {
- groupSchema.getAllGroupsNoPopulate(function (err, grps) {
- if (err) return done(err)
-
- return done(null, grps)
- })
+ if (req.user.role.isAdmin || req.user.role.isAgent) {
+ groupSchema.getAllGroupsNoPopulate(function (err, grps) {
+ if (err) return done(err)
+
+ return done(null, grps)
+ })
+ } else {
+ groupSchema.getAllGroupsOfUser(req.user._id, function (err, grps) {
+ if (err) return done(err)
+
+ return done(null, grps)
+ })
+ }
 } else {
 return done(null, postData.groups)
 }
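Review bot: The `else` branch that closes this hunk still returns `postData.groups` exactly as the client sent it, so the role check added for the `'-1'` case does not cover requests that list explicit group ids. Unless a later step outside the hunk filters by membership (not visible here), a caller who is neither admin nor agent gets a report over whatever group ids the request body names. For those callers the requested ids should be intersected with the result of `getAllGroupsOfUser(req.user._id, ...)`; the sketch below assumes each returned group exposes `_id`, which should be confirmed against the model. The same branch is repeated in the ticketsByStatus, ticketsByTags, ticketsByType, ticketsByUser and ticketsByAssignee hunks, and the enclosing handler starts and ends outside the hunk.

```javascript
// … unchanged: the '-1' branch with the admin/agent check …
} else if (req.user.role.isAdmin || req.user.role.isAgent) {
  return done(null, postData.groups)
} else {
  groupSchema.getAllGroupsOfUser(req.user._id, function (err, grps) {
    if (err) return done(err)

    // Keep only the requested ids the caller is a member of.
    var allowed = _.map(grps, function (g) {
      return String(g._id)
    })
    var permitted = _.filter(postData.groups, function (id) {
      return _.includes(allowed, String(id))
    })

    return done(null, permitted)
  })
}
```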
@@ -313,11 +330,19 @@ apiReports.generate.ticketsByTags = function (req, res) {
 [
 function (done) {
 if (_.includes(postData.groups, '-1')) {
- groupSchema.getAllGroupsNoPopulate(function (err, grps) {
- if (err) return done(err)
-
- return done(null, grps)
- })
+ if (req.user.role.isAdmin || req.user.role.isAgent) {
+ groupSchema.getAllGroupsNoPopulate(function (err, grps) {
+ if (err) return done(err)
+
+ return done(null, grps)
+ })
+ } else {
+ groupSchema.getAllGroupsOfUser(req.user._id, function (err, grps) {
+ if (err) return done(err)
+
+ return done(null, grps)
+ })
+ }
 } else {
 return done(null, postData.groups)
 }
@@ -393,11 +418,19 @@ apiReports.generate.ticketsByType = function (req, res) {
 [
 function (done) {
 if (_.includes(postData.groups, '-1')) {
- groupSchema.getAllGroupsNoPopulate(function (err, grps) {
- if (err) return done(err)
-
- return done(null, grps)
- })
+ if (req.user.role.isAdmin || req.user.role.isAgent) {
+ groupSchema.getAllGroupsNoPopulate(function (err, grps) {
+ if (err) return done(err)
+
+ return done(null, grps)
+ })
+ } else {
+ groupSchema.getAllGroupsOfUser(req.user._id, function (err, grps) {
+ if (err) return done(err)
+
+ return done(null, grps)
+ })
+ }
 } else {
 return done(null, postData.groups)
 }
@@ -473,11 +506,19 @@ apiReports.generate.ticketsByUser = function (req, res) {
 [
 function (done) {
 if (_.includes(postData.groups, '-1')) {
- groupSchema.getAllGroupsNoPopulate(function (err, grps) {
- if (err) return done(err)
-
- return done(null, grps)
- })
+ if (req.user.role.isAdmin || req.user.role.isAgent) {
+ groupSchema.getAllGroupsNoPopulate(function (err, grps) {
+ if (err) return done(err)
+
+ return done(null, grps)
+ })
+ } else {
+ groupSchema.getAllGroupsOfUser(req.user._id, function (err, grps) {
+ if (err) return done(err)
+
+ return done(null, grps)
+ })
+ }
 } else {
 return done(null, postData.groups)
 }
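Review bot: The thirteen lines added to ticketsByTags are the same block already added to ticketsByPriority and ticketsByStatus, and the ticketsByType, ticketsByUser and ticketsByAssignee hunks repeat it again, so any later change to this access rule has to be made in six places and a missed copy leaves one report with a weaker check. A single module-level helper would keep the rule in one spot, with each handler's first step reduced to `function (done) { resolveReportGroups(req, postData.groups, done) }`. The wrapper callbacks only forward `err` or `grps`, so `done` can presumably be passed straight through; confirm that both model methods call back with `(err, groups)` and nothing else. The enclosing handler continues outside the hunk.

```javascript
// Resolves the groups a report may cover; shared by every apiReports.generate.* handler.
function resolveReportGroups (req, requestedGroups, done) {
  if (!_.includes(requestedGroups, '-1')) return done(null, requestedGroups)

  if (req.user.role.isAdmin || req.user.role.isAgent) {
    return groupSchema.getAllGroupsNoPopulate(done)
  }

  return groupSchema.getAllGroupsOfUser(req.user._id, done)
}
```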
@@ -522,11 +563,19 @@ apiReports.generate.ticketsByAssignee = function (req, res) {
 [
 function (done) {
 if (_.includes(postData.groups, '-1')) {
- groupSchema.getAllGroupsNoPopulate(function (err, grps) {
- if (err) return done(err)
-
- return done(null, grps)
- })
+ if (req.user.role.isAdmin || req.user.role.isAgent) {
+ groupSchema.getAllGroupsNoPopulate(function (err, grps) {
+ if (err) return done(err)
+
+ return done(null, grps)
+ })
+ } else {
+ groupSchema.getAllGroupsOfUser(req.user._id, function (err, grps) {
+ if (err) return done(err)
+
+ return done(null, grps)
+ })
+ }
 } else {
 return done(null, postData.groups)
 }