google · rfontanarosa · Oct 3, 2025 · Sep 12, 2025 · Sep 16, 2025 · Sep 18, 2025
diff --git a/functions/src/common/auth.ts b/functions/src/common/auth.ts
@@ -94,17 +94,31 @@ function getRole(
   return acl && user.email ? acl[user.email] : null;
 }
 
+export function hasOrganizerRole(
+  user: DecodedIdToken,
+  survey: DocumentSnapshot
+): boolean {
+  const role = getRole(user, survey);
+  return !!role && [Pb.Role.SURVEY_ORGANIZER].includes(role);
+}
+
 export function canExport(
   user: DecodedIdToken,
   survey: DocumentSnapshot
 ): boolean {
+  const generalAccess = survey.get(s.generalAccess);
+  if (
+    [Pb.Survey.GeneralAccess.PUBLIC, Pb.Survey.GeneralAccess.UNLISTED].includes(
+      generalAccess
+    )
+  )
+    return true;
   return !!getRole(user, survey);
 }
 
 export function canImport(
   user: DecodedIdToken,
   survey: DocumentSnapshot
 ): boolean {
-  const role = getRole(user, survey);
-  return !!role && [Pb.Role.SURVEY_ORGANIZER].includes(role);
+  return hasOrganizerRole(user, survey);
 }
diff --git a/functions/src/common/datastore.ts b/functions/src/common/datastore.ts
@@ -31,7 +31,7 @@
 */
 type pseudoGeoJsonGeometry = {
  type: string;
  coordinates: any;
 };

 /**
@@ -185,7 +185,7 @@
   async fetchLoisSubmissions(
     surveyId: string,
     jobId: string,
-    ownerId: string | undefined,
+    ownerId: string | null,
     pageSize: number
   ) {
     const loisQuery = this.db_
@@ -238,7 +238,7 @@
    await loiRef.update({[l.properties]: loiDoc[l.properties]});
  }

  static toFirestoreMap(geometry: any) {
    return Object.fromEntries(
      Object.entries(geometry).map(([key, value]) => [
        key,
@@ -247,7 +247,7 @@
    );
  }

  static toFirestoreValue(value: any): any {
    if (value === null) {
      return null;
    }
@@ -275,7 +275,7 @@
   *
   * @returns GeoJSON geometry object (with geometry as list of lists)
   */
  static fromFirestoreMap(geoJsonGeometry: any): any {
    const geometryObject = geoJsonGeometry as pseudoGeoJsonGeometry;
    if (!geometryObject) {
      throw new Error(
@@ -290,7 +290,7 @@
    return geometryObject;
  }

  static fromFirestoreValue(coordinates: any) {
    if (coordinates instanceof GeoPoint) {
      // Note: GeoJSON coordinates are in lng-lat order.
      return [coordinates.longitude, coordinates.latitude];
@@ -299,7 +299,7 @@
    if (typeof coordinates !== 'object') {
      return coordinates;
    }
    const result = new Array<any>(coordinates.length);

    Object.entries(coordinates).map(([i, nestedValue]) => {
      const index = Number.parseInt(i);

diff --git a/functions/src/common/utils.ts b/functions/src/common/utils.ts
@@ -14,6 +14,33 @@
  * limitations under the License.
  */
 
+import {GroundProtos} from '@ground/proto';
+
+import Pb = GroundProtos.ground.v1beta1;
+
+/**
+ * Checks if a Location of Interest (LOI) is accessible to a given user.
+ *
+ * An LOI is accessible if:
+ * - Its source is `IMPORTED`.
+ * - Its `ownerId` passed to the function is `null`.
+ * - Its `ownerId` matches the LOI's owner.
+ *
+ * @param loi The Location of Interest object to check.
+ * @param ownerId The ID of the user requesting access. Pass `null` to bypass the ownership check.
+ * @returns True if the LOI is accessible to the user, false otherwise.
+ */
+export function isAccessibleLoi(
+  loi: Pb.ILocationOfInterest,
+  ownerId: string | null
+) {
+  return (
+    loi.source === Pb.LocationOfInterest.Source.IMPORTED ||
+    ownerId === null ||
+    loi.ownerId === ownerId
+  );
+}
+
 export function stringFormat(s: string, ...args: any[]): string {
   return s.replace(/\{(\d+)\}/g, (_, index) => args[index] || `{${index}}`);
 }
diff --git a/functions/src/export-csv.ts b/functions/src/export-csv.ts
@@ -16,7 +16,8 @@
 
 import * as functions from 'firebase-functions';
 import * as csv from '@fast-csv/format';
-import {canExport, canImport} from './common/auth';
+import {canExport, hasOrganizerRole} from './common/auth';
+import {isAccessibleLoi} from './common/utils';
 import {geojsonToWKT} from '@terraformer/wkt';
 import {getDatastore} from './common/context';
 import * as HttpStatus from 'http-status-codes';
@@ -42,6 +43,7 @@ export async function exportCsvHandler(
   const {uid: userId} = user;
   const surveyId = req.query.survey as string;
   const jobId = req.query.job as string;
+
   const surveyDoc = await db.fetchSurvey(surveyId);
   if (!surveyDoc.exists) {
     res.status(HttpStatus.NOT_FOUND).send('Survey not found');
@@ -51,7 +53,13 @@ export async function exportCsvHandler(
     res.status(HttpStatus.FORBIDDEN).send('Permission denied');
     return;
   }
-  const ownerId = canImport(user, surveyDoc) ? undefined : userId;
+  const survey = toMessage(surveyDoc.data()!, Pb.Survey);
+  if (survey instanceof Error) {
+    res
+      .status(HttpStatus.INTERNAL_SERVER_ERROR)
+      .send('Unsupported or corrupt survey');
+    return;
+  }
 
   const jobDoc = await db.fetchJob(surveyId, jobId);
   if (!jobDoc.exists || !jobDoc.data()) {
@@ -67,11 +75,17 @@ export async function exportCsvHandler(
   }
   const {name: jobName} = job;
 
-  const survey = toMessage(surveyDoc.data()!, Pb.Survey);
+  const isOrganizer = hasOrganizerRole(user, surveyDoc);
+
+  const canViewAll =
+    isOrganizer ||
+    survey.dataVisibility === Pb.Survey.DataVisibility.ALL_SURVEY_PARTICIPANTS;
+
+  const ownerIdFilter = canViewAll ? null : userId;
 
   const tasks = job.tasks.sort((a, b) => a.index! - b.index!);
   const snapshot = await db.fetchLocationsOfInterest(surveyId, jobId);
-  const loiProperties = createProperySetFromSnapshot(snapshot, survey, ownerId);
+  const loiProperties = createProperySetFromSnapshot(snapshot, ownerIdFilter);
   const headers = getHeaders(tasks, loiProperties);
 
   res.type('text/csv');
@@ -89,14 +103,19 @@ export async function exportCsvHandler(
   });
   csvStream.pipe(res);
 
-  const rows = await db.fetchLoisSubmissions(surveyId, jobId, ownerId, 50);
+  const rows = await db.fetchLoisSubmissions(
+    surveyId,
+    jobId,
+    ownerIdFilter,
+    50
+  );
 
   for await (const row of rows) {
     try {
       const [loiDoc, submissionDoc] = row;
       const loi = toMessage(loiDoc.data(), Pb.LocationOfInterest);
       if (loi instanceof Error) throw loi;
-      if (isAccessibleLoi(survey, loi, ownerId) && submissionDoc) {
+      if (isAccessibleLoi(loi, ownerIdFilter) && submissionDoc) {
         const submission = toMessage(submissionDoc.data(), Pb.Submission);
         if (submission instanceof Error) throw submission;
         writeRow(csvStream, loiProperties, tasks, loi, submission);
@@ -179,22 +198,6 @@ function toWkt(geometry: Pb.IGeometry): string {
   return geojsonToWKT(toGeoJsonGeometry(geometry));
 }
 
-/**
- * Checks if a Location of Interest (LOI) is accessible to a given user.
- */
-function isAccessibleLoi(
-  survey: Pb.ISurvey,
-  loi: Pb.ILocationOfInterest,
-  ownerId?: string
-) {
-  if (
-    survey.dataVisibility === Pb.Survey.DataVisibility.ALL_SURVEY_PARTICIPANTS
-  )
-    return true;
-  const isFieldData = loi.source === Pb.LocationOfInterest.Source.FIELD_DATA;
-  return ownerId ? isFieldData && loi.ownerId === ownerId : true;
-}
-
 /**
  * Returns the string or number representation of a specific task element result.
  */
@@ -290,14 +293,13 @@ function getFileName(jobName: string | null) {
 
 function createProperySetFromSnapshot(
   snapshot: QuerySnapshot,
-  survey: Pb.ISurvey,
-  ownerId?: string
+  ownerId: string | null
 ): Set<string> {
   const allKeys = new Set<string>();
   snapshot.forEach(doc => {
     const loi = toMessage(doc.data(), Pb.LocationOfInterest);
     if (loi instanceof Error) return;
-    if (!isAccessibleLoi(survey, loi, ownerId)) return;
+    if (!isAccessibleLoi(loi, ownerId)) return;
     const properties = loi.properties;
     for (const key of Object.keys(properties || {})) {
       allKeys.add(key);

diff --git a/functions/src/export-geojson.ts b/functions/src/export-geojson.ts
@@ -16,8 +16,9 @@
 
 import * as functions from 'firebase-functions';
 import {Map} from 'immutable';
-import {canExport, canImport} from './common/auth';
+import {canExport, hasOrganizerRole} from './common/auth';
 import {getDatastore} from './common/context';
+import {isAccessibleLoi} from './common/utils';
 import * as HttpStatus from 'http-status-codes';
 import {DecodedIdToken} from 'firebase-admin/auth';
 import {toMessage} from '@ground/lib';
@@ -38,6 +39,7 @@ export async function exportGeojsonHandler(
   const {uid: userId} = user;
   const surveyId = req.query.survey as string;
   const jobId = req.query.job as string;
+
   const surveyDoc = await db.fetchSurvey(surveyId);
   if (!surveyDoc.exists) {
     res.status(HttpStatus.NOT_FOUND).send('Survey not found');
@@ -47,7 +49,13 @@ export async function exportGeojsonHandler(
     res.status(HttpStatus.FORBIDDEN).send('Permission denied');
     return;
   }
-  const ownerId = canImport(user, surveyDoc) ? undefined : userId;
+  const survey = toMessage(surveyDoc.data()!, Pb.Survey);
+  if (survey instanceof Error) {
+    res
+      .status(HttpStatus.INTERNAL_SERVER_ERROR)
+      .send('Unsupported or corrupt survey');
+    return;
+  }
 
   const jobDoc = await db.fetchJob(surveyId, jobId);
   if (!jobDoc.exists || !jobDoc.data()) {
@@ -63,7 +71,13 @@ export async function exportGeojsonHandler(
   }
   const {name: jobName} = job;
 
-  const survey = toMessage(surveyDoc.data()!, Pb.Survey);
+  const isOrganizer = hasOrganizerRole(user, surveyDoc);
+
+  const canViewAll =
+    isOrganizer ||
+    survey.dataVisibility === Pb.Survey.DataVisibility.ALL_SURVEY_PARTICIPANTS;
+
+  const ownerIdFilter = canViewAll ? null : userId;
 
   res.type('application/json');
   res.setHeader(
@@ -83,7 +97,7 @@ export async function exportGeojsonHandler(
     try {
       const loi = toMessage(row.data(), Pb.LocationOfInterest);
       if (loi instanceof Error) throw loi;
-      if (isAccessibleLoi(survey, loi, ownerId)) {
+      if (isAccessibleLoi(loi, ownerIdFilter)) {
         const feature = buildFeature(loi);
         if (!feature) continue;
 
@@ -119,22 +133,6 @@ function buildFeature(loi: Pb.LocationOfInterest) {
   };
 }
 
-/**
- * Checks if a Location of Interest (LOI) is accessible to a given user.
- */
-function isAccessibleLoi(
-  survey: Pb.ISurvey,
-  loi: Pb.ILocationOfInterest,
-  ownerId?: string
-) {
-  if (
-    survey.dataVisibility === Pb.Survey.DataVisibility.ALL_SURVEY_PARTICIPANTS
-  )
-    return true;
-  const isFieldData = loi.source === Pb.LocationOfInterest.Source.FIELD_DATA;
-  return ownerId ? isFieldData && loi.ownerId === ownerId : true;
-}
-
 /**
  * Returns the file name in lowercase (replacing any special characters with '-') for csv export
  */