feat: hide invite-only networks from non-admin users in listing

2026-05-30 06:40:49 +00:00
parent 2aad17f5e0
commit 55f24ea9e5
4 changed files with 240 additions and 2 deletions
@@ -6,6 +6,7 @@ import re
 from gatehouse_app.extensions import db
 from gatehouse_app.models import PortalNetwork
 from gatehouse_app.models.organization import Organization
+from gatehouse_app.models.organization.organization_member import OrganizationMember
 from gatehouse_app.models.user import User
 from gatehouse_app.services.audit_service import AuditService
 from gatehouse_app.services import zerotier_api_service as zt
@@ -178,14 +179,29 @@ def create_network(
 def list_networks(
    organization_id: str,
    include_inactive: bool = False,
+    user_id: str | None = None,
 ) -> list[PortalNetwork]:
-    """List portal networks for an organization."""
+    """List portal networks for an organization.
+
+    Invite-only networks are hidden from non-admin users.
+    """
    q = PortalNetwork.query.filter(
        PortalNetwork.organization_id == organization_id,
        PortalNetwork.deleted_at.is_(None),
    )
    if not include_inactive:
        q = q.filter(PortalNetwork.is_active.is_(True))
+
+    if user_id is not None:
+        membership = OrganizationMember.query.filter(
+            OrganizationMember.organization_id == organization_id,
+            OrganizationMember.user_id == user_id,
+            OrganizationMember.deleted_at.is_(None),
+        ).first()
+        is_admin = membership.is_admin() if membership else False
+        if not is_admin:
+            q = q.filter(PortalNetwork.request_mode != NetworkRequestMode.INVITE_ONLY)
+
    return q.all()