Skip to content

fix(export-to-csv): paginate org user fetch for organization owners#150

Draft
cs-raj wants to merge 3 commits into
v2-devfrom
fix/DX-3943
Draft

fix(export-to-csv): paginate org user fetch for organization owners#150
cs-raj wants to merge 3 commits into
v2-devfrom
fix/DX-3943

Conversation

@cs-raj
Copy link
Copy Markdown
Contributor

@cs-raj cs-raj commented May 18, 2026

Summary

Fixes incomplete user exports in cm:export-to-csv when the logged-in user is the organization owner.

  • Before: Owners called getInvitations() with no pagination params, so the API returned only the default page (~10 users).
  • After: Owners and admins both use the existing getUsers() helper, which paginates getInvitations() with skip and limit until all users are fetched.

Problem

getOrgUsers() in api-client.ts had two code paths:

Role Behavior
Owner Single getInvitations() call — no pagination
Admin getUsers() loop with skip / limit

Both roles hit the same Management API endpoint; only the owner branch skipped pagination. This caused CSV exports to include a partial user list for owners while admins saw the full list (e.g. 66 vs 10 users).

Solution

  • Remove the owner-only getInvitations() branch.
  • Reject access when the user is neither owner nor admin.
  • Fetch users for owners and admins via getUsers() using config.limit (100).

Changes

  • packages/contentstack-export-to-csv/src/utils/api-client.ts — unify getOrgUsers fetch logic
  • packages/contentstack-export-to-csv/test/unit/utils/api-client.test.ts — add pagination and access-control tests
  • packages/contentstack-export-to-csv/package.json — version bump to 2.0.0-beta.8

Test plan

  • pnpm test:unit in contentstack-export-to-csv (91 tests passing)
  • Manual: run csdx cm:export-to-csv --action users --org <org-uid> as owner on an org with 10+ users

harshitha-cstk
harshitha-cstk previously approved these changes May 18, 2026
View reviewed changes
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 19, 2026

🔒 Security Scan Results

ℹ️ Note: Only vulnerabilities with available fixes (upgrades or patches) are counted toward thresholds.

Check Type Count (with fixes) Without fixes Threshold Result
🔴 Critical Severity 0 0 10 ✅ Passed
🟠 High Severity 0 0 25 ✅ Passed
🟡 Medium Severity 0 0 500 ✅ Passed
🔵 Low Severity 0 0 1000 ✅ Passed

⏱️ SLA Breach Summary

✅ No SLA breaches detected. All vulnerabilities are within acceptable time thresholds.

Severity Breaches (with fixes) Breaches (no fixes) SLA Threshold (with/no fixes) Status
🔴 Critical 0 0 15 / 30 days ✅ Passed
🟠 High 0 0 30 / 120 days ✅ Passed
🟡 Medium 0 0 90 / 365 days ✅ Passed
🔵 Low 0 0 180 / 365 days ✅ Passed

✅ BUILD PASSED - All security checks passed

sunil-lakshman
sunil-lakshman approved these changes May 19, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@sunil-lakshman sunil-lakshman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sunil-lakshman sunil-lakshman sunil-lakshman approved these changes

@harshitha-cstk harshitha-cstk harshitha-cstk left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@cs-raj @sunil-lakshman @harshitha-cstk