EPESS/epess-web-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: enhance collaborator access check in DocumentSchema

Browse Source 
- Updated the collaborator access check in the DocumentSchema to ensure that a user must have both writable and readable permissions to access a document.
- Improved error handling by providing a more precise condition for user access, enhancing security and clarity in document collaboration.
This commit is contained in:
Ly Tuan Kiet
2024-12-06 16:34:49 +07:00
parent 6d28d74351
commit db2b3e9dd4
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/Document/document.schema.ts
View File

@@ -402,7 +402,7 @@ export class DocumentSchema extends PothosSchema {
if (!document.isPublic) {
if (
document.ownerId !== ctx.websocket?.me?.id &&
!document.collaborators.some((c) => c.userId === ctx.websocket?.me?.id && c.writable)
!document.collaborators.some((c) => c.userId === ctx.websocket?.me?.id && c.writable && c.readable)
)
throw new Error('User is not owner or collaborator of document')
}