fix: make clients shared across all users instead of per-user scoped #760
Open
devin-ai-integration[bot] wants to merge 1 commit into
Clients are now visible, editable, and deletable by all authenticated users. Previously, client queries filtered by user_email, causing clients created by one user to be invisible to others.

Changes:
- Remove user_email filtering from all client CRUD queries
- Remove user_email filtering from client lookups in work entries and reports
- Update tests to reflect shared client behavior
🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:


Summary

Removes user_email filtering from all client-related SQL queries so that clients are shared across all authenticated employees rather than siloed per-user. Previously, a client created by User A was invisible to User B because every client query included WHERE user_email = ?.

Files changed:

- backend/src/routes/clients.js — Removed user_email from all client CRUD queries (list, get, update, delete, delete-all).
- backend/src/routes/workEntries.js — Removed user_email from client-existence checks when creating/updating work entries. Error message simplified from "Client not found or does not belong to user" → "Client not found".
- backend/src/routes/reports.js — Removed user_email from client lookups and work-entry queries in report/export endpoints.

Note: work entry CRUD (GET /work-entries, PUT, DELETE) still filters by user_email — each user manages their own time entries, but against a shared pool of clients.

Review & Testing Checklist for Human

- DELETE /api/clients is now a global delete — it previously deleted only the authenticated user's clients; it now deletes all clients for every user. Verify this is acceptable or if it should be removed/restricted to an admin role.
- user_email filter was removed from work-entry queries in reports.js. Confirm this is the desired behavior (cross-user report) vs. only showing the current user's hours for a shared client.

Notes

- user_email in the clients table (as the creator), which could be useful for audit purposes in the future.

Link to Devin session: https://partner-workshops.devinenterprise.com/sessions/610609f36a08438580ad0478c21a7f68
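
An added example, not part of this pull request or the repository's code: a small in-memory model of the access rules the summary describes (shared clients, per-user work entries), with delete-all restricted to an admin role, the option the checklist raises. The role field, the POLICY table, the authorize/handle helpers and the sample data are assumptions.

```javascript
// Added example, not the repository's code. The `role` field, the POLICY table
// and the in-memory store (constructed sample data) are assumptions.

// Each action names its data scope and, optionally, a required role.
const POLICY = {
  'clients:list':      { table: 'clients',     scope: 'shared' },
  'clients:delete':    { table: 'clients',     scope: 'shared' },
  'clients:deleteAll': { table: 'clients',     scope: 'shared', role: 'admin' },
  'workEntries:list':  { table: 'workEntries', scope: 'owner' },
};

// Decide whether `user` may perform `action`; unknown actions are denied.
function authorize(action, user) {
  const rule = POLICY[action];
  if (!rule) return { allowed: false, reason: 'unknown action' };
  if (rule.role && user.role !== rule.role) {
    return { allowed: false, reason: `requires role ${rule.role}` };
  }
  // Owner-scoped actions keep the user_email filter; shared ones drop it.
  return { allowed: true, table: rule.table,
           ownerEmail: rule.scope === 'owner' ? user.email : null };
}

// Apply an action to the store and return an HTTP-like result object.
function handle(store, action, user, id) {
  const decision = authorize(action, user);
  if (!decision.allowed) return { status: 403, error: decision.reason };
  const rows = store[decision.table];
  const visible = (r) => decision.ownerEmail === null || r.user_email === decision.ownerEmail;
  if (action.endsWith(':list')) return { status: 200, rows: rows.filter(visible) };
  // Deletes remove every visible row (deleteAll) or the one matching `id`.
  const doomed = (r) => visible(r) && (action.endsWith(':deleteAll') || r.id === id);
  const removed = rows.filter(doomed).length;
  store[decision.table] = rows.filter((r) => !doomed(r));
  return removed ? { status: 200, removed } : { status: 404, error: 'Client not found' };
}

// Constructed sample data: two users, one client each, one work entry each.
function sampleStore() {
  return {
    clients: [{ id: 1, name: 'Acme', user_email: 'a@example.com' },
              { id: 2, name: 'Globex', user_email: 'b@example.com' }],
    workEntries: [{ id: 10, client_id: 1, user_email: 'a@example.com' },
                  { id: 11, client_id: 1, user_email: 'b@example.com' }],
  };
}
```

In this model a non-admin can still delete a single client created by someone else, which matches the shared behaviour the PR describes; only the bulk delete is gated.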