fix(server): resolve lack of user isolation

2025-06-24 17:28:28 +00:00 · 2025-06-24 17:28:28 +00:00 · 3f3654c3cb
parent a0e75d4619
commit 3f3654c3cb
3 changed files with 2 additions and 2 deletions
--- a/.github/workflows/.test-integration.yml.swp
+++ b/.github/workflows/.test-integration.yml.swp
--- a/.github/workflows/test-integration.yml
+++ b/.github/workflows/test-integration.yml
@ -135,7 +135,7 @@ jobs:
          echo "Running tests with DATABASE_URL: $DATABASE_URL"
          echo "Environment check:"
          env | grep -E "(DATABASE_URL|JWT_SECRET|API_URL)" | sort
-          cargo test --test '*' -- --test-threads=1
+          cargo test --test '*' --features test-utils -- --test-threads=1
        env:
          DATABASE_URL: ${{ env.DATABASE_URL }}
          TEST_DATABASE_URL: ${{ env.DATABASE_URL }}
--- a/src/routes/documents.rs
+++ b/src/routes/documents.rs
@ -669,7 +669,7 @@ async fn get_failed_ocr_documents(
            GROUP BY document_id
        ) q ON d.id = q.document_id
        WHERE d.ocr_status = 'failed'
-          AND ($1 = $1 OR d.user_id = $1)  -- Admin can see all, users see only their own
+          AND ($1::uuid IS NULL OR d.user_id = $1)  -- Admin can see all, users see only their own
        ORDER BY d.updated_at DESC
        LIMIT $2 OFFSET $3
        "#