Merge branch 'dev' into auth-providers-clients

server/routers/site/createSite.ts

@@ -103,7 +103,7 @@ export async function createSite(
 
         const { orgId } = parsedParams.data;
 
-        if (!req.userOrgRoleId) {
+        if (req.user && !req.userOrgRoleId) {
             return next(
                 createHttpError(HttpCode.FORBIDDEN, "User does not have a role")
             );
@@ -235,7 +235,7 @@ export async function createSite(
                 siteId: newSite.siteId
             });
 
-            if (req.userOrgRoleId != adminRole[0].roleId) {
+            if (req.user && req.userOrgRoleId != adminRole[0].roleId) {
                 // make sure the user can access the site
                 trx.insert(userSites).values({
                     userId: req.user?.userId!,

server/routers/site/listSites.ts

@@ -101,7 +101,7 @@ export async function listSites(
         }
         const { orgId } = parsedParams.data;
 
-        if (orgId && orgId !== req.userOrgId) {
+        if (req.user && orgId && orgId !== req.userOrgId) {
             return next(
                 createHttpError(
                     HttpCode.FORBIDDEN,
@@ -110,18 +110,26 @@ export async function listSites(
             );
         }
 
-        const accessibleSites = await db
-            .select({
-                siteId: sql<number>`COALESCE(${userSites.siteId}, ${roleSites.siteId})`
-            })
-            .from(userSites)
-            .fullJoin(roleSites, eq(userSites.siteId, roleSites.siteId))
-            .where(
-                or(
-                    eq(userSites.userId, req.user!.userId),
-                    eq(roleSites.roleId, req.userOrgRoleId!)
-                )
-            );
+        let accessibleSites;
+        if (req.user) {
+            accessibleSites = await db
+                .select({
+                    siteId: sql<number>`COALESCE(${userSites.siteId}, ${roleSites.siteId})`
+                })
+                .from(userSites)
+                .fullJoin(roleSites, eq(userSites.siteId, roleSites.siteId))
+                .where(
+                    or(
+                        eq(userSites.userId, req.user!.userId),
+                        eq(roleSites.roleId, req.userOrgRoleId!)
+                    )
+                );
+        } else {
+            accessibleSites = await db
+                .select({ siteId: sites.siteId })
+                .from(sites)
+                .where(eq(sites.orgId, orgId));
+        }
 
         const accessibleSiteIds = accessibleSites.map((site) => site.siteId);
         const baseQuery = querySites(orgId, accessibleSiteIds);