Return real task lookup failures instead of false rules warnings

This commit is contained in:
2026-03-29 03:08:05 +00:00
parent 006f976f57
commit b3b2a2e2f0
+23 -60
View File
@@ -532,16 +532,7 @@ app.get('/api/tasks/list', async (c) => {
return c.json({ success: false, message: 'No target user available' }, 400);
}
const baseFields = 'id,user,title,startDate,dueDate,priority,completed,content,size,status,expand.user.id,expand.user.email,expand.user.name,expand.user.username';
const fetchTasksWithFilter = async (filter: string) => {
return taskPb.collection(PB_TASKS_COLLECTION).getFullList({
filter,
sort: '-startDate,-created',
expand: 'user',
fields: baseFields,
});
};
const baseFields = 'id,user,title,startDate,dueDate,priority,completed,content,size,status,owner,assigned_to,user_name,Username,expand.user.id,expand.user.email,expand.user.name,expand.user.username';
const fetchAllTasks = async () => {
return taskPb.collection(PB_TASKS_COLLECTION).getFullList({
sort: '-startDate,-created',
@@ -566,58 +557,30 @@ app.get('/api/tasks/list', async (c) => {
let effectiveUserId = requestedUserId || meId;
let effectiveUserName = targetUserName;
try {
const escapedName = targetUserName.replace(/"/g, '\\"');
const escapedUserId = (requestedUserId || meId).replace(/"/g, '\\"');
const candidateFilters = [
targetUserName ? `user = "${escapedName}"` : '',
targetUserName ? `user_name = "${escapedName}"` : '',
targetUserName ? `Username = "${escapedName}"` : '',
targetUserName ? `assigned_to = "${escapedName}"` : '',
targetUserName ? `owner = "${escapedName}"` : '',
escapedUserId ? `user = "${escapedUserId}"` : '',
].filter(Boolean);
for (const filter of candidateFilters) {
try {
const found = await fetchTasksWithFilter(filter);
if (Array.isArray(found) && found.length) {
records = found;
break;
}
} catch {
}
}
if (!records.length) {
const all = await fetchAllTasks();
if (targetUserName) {
records = all.filter((task: any) => matchTaskByName(task, targetUserName));
} else if (escapedUserId) {
records = all.filter((task: any) => String(task?.user || '') === escapedUserId);
} else {
records = all;
}
const all = await fetchAllTasks();
if (targetUserName) {
records = all.filter((task: any) => matchTaskByName(task, targetUserName));
} else if (requestedUserId || meId) {
const fallbackId = String(requestedUserId || meId).trim();
records = all.filter((task: any) => String(task?.user || '').trim() === fallbackId);
} else {
records = all;
}
} catch (listErr) {
if (targetUserName && meName && targetUserName !== meName) {
try {
const all = await fetchAllTasks();
records = all.filter((task: any) => matchTaskByName(task, meName));
effectiveUserId = meId;
effectiveUserName = meName;
warning = 'Requested user tasks are restricted by PocketBase rules; showing your tasks instead.';
} catch {
records = [];
effectiveUserId = meId;
effectiveUserName = meName;
warning = 'Task list is restricted by PocketBase rules; no accessible tasks for current user.';
}
} else {
records = [];
effectiveUserId = meId || requestedUserId;
effectiveUserName = targetUserName || meName;
warning = 'Task list is restricted by PocketBase rules; no accessible tasks for current user.';
}
const message = (listErr as Error)?.message || String(listErr);
return c.json({
success: false,
message: 'Failed to load accessible tasks from PocketBase',
details: message,
userId: meId || requestedUserId,
userName: targetUserName || meName,
}, 500);
}
if (!records.length) {
warning = targetUserName
? `No accessible Tasgird tasks matched user name "${targetUserName}".`
: 'No accessible Tasgird tasks matched the current user.';
}
return c.json({