fix(api): harden migration script and correctly implement admin limit bypass

fulleni · fulleni · commit 8a45a96e5e23 · 2025-11-11T10:46:02.000+01:00
This commit applies two important fixes based on code review feedback:

Robust Migration Script: The UnifyInterestsAndRemoteConfig migration script has been hardened. It now wraps the parsing of deliveryTypes in a try-catch block. This prevents the entire server from crashing on startup if it encounters malformed data (an invalid enum string) in a user's legacy notificationSubscriptions, making the migration process more resilient.

Correct Admin Bypass: The administrator bypass for user preference limits has been re-implemented in the architecturally correct location. Instead of coupling the UserPreferenceLimitService with the PermissionService, the check is now performed in the user_content_preferences custom updater within data_operation_registry.dart. This ensures that the limit service is only called if the user does not have the userPreferenceBypassLimits permission, maintaining a clean separation of concerns.
diff --git a/lib/src/database/migrations/20251111000000_unify_interests_and_remote_config.dart b/lib/src/database/migrations/20251111000000_unify_interests_and_remote_config.dart
@@ -104,11 +104,18 @@ class UnifyInterestsAndRemoteConfig extends Migration {
         final key = _generateCriteriaKey(criteria);
         final deliveryTypes =
             (subscription['deliveryTypes'] as List<dynamic>? ?? [])
-                .map(
-                  (e) => PushNotificationSubscriptionDeliveryType.values.byName(
-                    e as String,
-                  ),
-                )
+                .map((e) {
+                  try {
+                    return PushNotificationSubscriptionDeliveryType.values
+                        .byName(e as String);
+                  } catch (_) {
+                    log.warning(
+                      'User $userId has a notificationSubscription with an invalid deliveryType: "$e". Skipping this type.',
+                    );
+                    return null;
+                  }
+                })
+                .whereType<PushNotificationSubscriptionDeliveryType>()
                 .toSet();
 
         interestMap.update(
diff --git a/lib/src/registry/data_operation_registry.dart b/lib/src/registry/data_operation_registry.dart
@@ -4,6 +4,7 @@ import 'package:core/core.dart';
 import 'package:dart_frog/dart_frog.dart';
 import 'package:data_repository/data_repository.dart';
 import 'package:flutter_news_app_api_server_full_source_code/src/middlewares/ownership_check_middleware.dart';
+import 'package:flutter_news_app_api_server_full_source_code/src/rbac/permissions.dart';
 import 'package:flutter_news_app_api_server_full_source_code/src/rbac/permission_service.dart';
 import 'package:flutter_news_app_api_server_full_source_code/src/services/country_query_service.dart';
 import 'package:flutter_news_app_api_server_full_source_code/src/services/dashboard_summary_service.dart';
@@ -386,6 +387,7 @@ class DataOperationRegistry {
           'Executing custom updater for user_content_preferences ID: $id.',
         );
         final authenticatedUser = context.read<User>();
+        final permissionService = context.read<PermissionService>();
         final userPreferenceLimitService = context
             .read<UserPreferenceLimitService>();
         final userContentPreferencesRepository = context
@@ -400,13 +402,23 @@ class DataOperationRegistry {
 
         // 2. Validate all limits using the consolidated service method.
         // The service now contains all logic to compare the updated and
-        // current preferences and check all relevant limits (interests,
-        // followed items, etc.) in one go.
-        await userPreferenceLimitService.checkUserContentPreferencesLimits(
-          user: authenticatedUser,
-          updatedPreferences: preferencesToUpdate,
-          currentPreferences: currentPreferences,
-        );
+        // current preferences and check all relevant limits.
+        //
+        // We first check if the user has permission to bypass these limits.
+        if (permissionService.hasPermission(
+          authenticatedUser,
+          Permissions.userPreferenceBypassLimits,
+        )) {
+          _log.info(
+            'User ${authenticatedUser.id} has bypass permission. Skipping limit checks.',
+          );
+        } else {
+          await userPreferenceLimitService.checkUserContentPreferencesLimits(
+            user: authenticatedUser,
+            updatedPreferences: preferencesToUpdate,
+            currentPreferences: currentPreferences,
+          );
+        }
 
         // 3. If all checks pass, proceed with the update.
         _log.info(
