From 44acbcd4d04892fe52a4ff1acd1810fc476f38a0 Mon Sep 17 00:00:00 2001
From: Andreas Knuth
Date: Tue, 28 May 2024 11:55:26 -0500
Subject: [PATCH] safe if user===undefined
---
 .../src/listings/listings.service.ts | 22 +++++++++----------
 1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/bizmatch-server/src/listings/listings.service.ts b/bizmatch-server/src/listings/listings.service.ts
index 909912a..a74da29 100644
--- a/bizmatch-server/src/listings/listings.service.ts
+++ b/bizmatch-server/src/listings/listings.service.ts
@@ -69,7 +69,7 @@ export class ListingsService {
 .select()
 .from(commercials)
 .where(and(sql`${commercials.id} = ${id}`));
- result = result.filter(r => !r.draft || r.imagePath === emailToDirName(user.username) || user.roles.includes('ADMIN'));
+ result = result.filter(r => !r.draft || r.imagePath === emailToDirName(user?.username) || user?.roles.includes('ADMIN'));
 return result[0] as CommercialPropertyListing;
 }
 async findBusinessesById(id: string, user: JwtUser): Promise {
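Review bot: The draft filter still calls `emailToDirName(user?.username)` for an anonymous caller, so whether a draft stays hidden depends on what that helper does with `undefined`. The helper is not shown here: it may throw, or it may return a directory name that some row's `imagePath` could match. Since this comparison is the access check for drafts, make the anonymous case explicit and fail closed, e.g. `result = result.filter(r => !r.draft || (user != null && (r.imagePath === emailToDirName(user.username) || user.roles?.includes('ADMIN'))));`. The same applies to the `imageName` filter in `findBusinessesById` in the next hunk. Both filters also use `user?.roles.includes`, which still throws for a user without `roles`, unlike the `user?.roles?.includes` used later in this patch. The visible `findBusinessesById` signature still declares `user: JwtUser`, so consider `user: JwtUser | undefined` on the affected methods, whose bodies begin outside these hunks.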
@@ -77,20 +77,13 @@ export class ListingsService {
 .select()
 .from(businesses)
 .where(and(sql`${businesses.id} = ${id}`));
- result = result.filter(r => !r.draft || r.imageName === emailToDirName(user.username) || user.roles.includes('ADMIN'));
+ result = result.filter(r => !r.draft || r.imageName === emailToDirName(user?.username) || user?.roles.includes('ADMIN'));
 return result[0] as BusinessListing;
 }
- async findByImagePath(imagePath: string, serial: string): Promise {
- const result = await this.conn
- .select()
- .from(commercials)
- .where(and(sql`${commercials.imagePath} = ${imagePath}`, sql`${commercials.serialId} = ${serial}`, ne(commercials.draft, true)));
- return result[0] as CommercialPropertyListing;
- }
 async findCommercialPropertiesByEmail(email: string, user: JwtUser): Promise {
 const conditions = [];
 conditions.push(eq(commercials.imagePath, emailToDirName(email)));
- if (email !== user.username && !user.roles.includes('ADMIN')) {
+ if (email !== user?.username && (!user?.roles?.includes('ADMIN') ?? false)) {
 conditions.push(ne(commercials.draft, true));
 }
 return (await this.conn
@@ -101,7 +94,7 @@ export class ListingsService {
 async findBusinessesByEmail(email: string, user: JwtUser): Promise {
 const conditions = [];
 conditions.push(eq(businesses.imageName, emailToDirName(email)));
- if (email !== user.username && !user.roles.includes('ADMIN')) {
+ if (email !== user?.username && (!user?.roles?.includes('ADMIN') ?? false)) {
 conditions.push(ne(businesses.draft, true));
 }
 return (await this.conn
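Review bot: In the new condition of `findCommercialPropertiesByEmail`, the `?? false` in `(!user?.roles?.includes('ADMIN') ?? false)` can never take effect. `!` binds tighter than `??`, so the left operand is always a boolean. The result is still fail-closed, because an anonymous caller gets `!undefined === true` and the `ne(commercials.draft, true)` condition is added. The expression reads as if the default were applied to the role lookup, though, which is risky in an authorization check that someone will edit later. Write either `!(user?.roles?.includes('ADMIN') ?? false)` or simply `!user?.roles?.includes('ADMIN')`, with a short comment such as `// anonymous and non-admin callers never see another user's drafts`. The identical line in `findBusinessesByEmail` in the following hunk needs the same change; both method bodies continue outside their hunks.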
@@ -109,6 +102,13 @@ export class ListingsService {
 .from(businesses)
 .where(and(...conditions))) as CommercialPropertyListing[];
 }
+ async findByImagePath(imagePath: string, serial: string): Promise {
+ const result = await this.conn
+ .select()
+ .from(commercials)
+ .where(and(sql`${commercials.imagePath} = ${imagePath}`, sql`${commercials.serialId} = ${serial}`, ne(commercials.draft, true)));
+ return result[0] as CommercialPropertyListing;
+ }
 async createListing(data: BusinessListing | CommercialPropertyListing, table: typeof businesses | typeof commercials): Promise {
 data.created = new Date();
 data.updated = new Date();