From 99e34aa8dc7508b560fffbd6700e157ddf9b79ff Mon Sep 17 00:00:00 2001
From: Akhil Meka <akhil.reddy@qualyval.com>
Date: Mon, 9 Jun 2025 17:43:04 +0530
Subject: [PATCH] add user read permission to clients

---
 src/user/user.service.ts | 2 +-
 src/utils/roles.ts       | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/user/user.service.ts b/src/user/user.service.ts
index 19d8bb8..01812bc 100644
--- a/src/user/user.service.ts
+++ b/src/user/user.service.ts
@@ -125,7 +125,7 @@ export async function listUsers(user: AuthenticatedUser) {
     return await userModel
       .find({
         $and: [
-          { tenantId: user.tenantId, orgId: user.orgId },
+          { tenantId: user.tenantId, orgId: user.orgId, role: "client" },
           { dev: { $ne: true } },
         ],
       })
diff --git a/src/utils/roles.ts b/src/utils/roles.ts
index 7651739..8514b87 100644
--- a/src/utils/roles.ts
+++ b/src/utils/roles.ts
@@ -116,6 +116,7 @@ export const rules: Record<
   },
   client: {
     claims: [
+      "user:read",
       "permit:read",
       "permit:write",
       "file:upload",