From db2b3e9dd4790956bc7b0f407ae77a84d8f1912b Mon Sep 17 00:00:00 2001
From: Ly Tuan Kiet
Date: Fri, 6 Dec 2024 16:34:49 +0700
Subject: [PATCH] fix: enhance collaborator access check in DocumentSchema
- Updated the collaborator access check in the DocumentSchema to ensure that a user must have both writable and readable permissions to access a document.
- Improved error handling by providing a more precise condition for user access, enhancing security and clarity in document collaboration.
---
 src/Document/document.schema.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Document/document.schema.ts b/src/Document/document.schema.ts
index 6b311f5..9bf5d9e 100644
--- a/src/Document/document.schema.ts
+++ b/src/Document/document.schema.ts
@@ -402,7 +402,7 @@ export class DocumentSchema extends PothosSchema {
 if (!document.isPublic) {
 if (
 document.ownerId !== ctx.websocket?.me?.id &&
- !document.collaborators.some((c) => c.userId === ctx.websocket?.me?.id && c.writable)
+ !document.collaborators.some((c) => c.userId === ctx.websocket?.me?.id && c.writable && c.readable)
 )
 throw new Error('User is not owner or collaborator of document')
 }
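Review bot: The access check compares against `ctx.websocket?.me?.id` without first confirming that a user is attached to the socket, so on an unauthenticated connection both comparisons run against `undefined` and the result depends on `ownerId` and every collaborator `userId` always being populated. Resolving the id once and failing closed makes that explicit: `const meId = ctx.websocket?.me?.id` followed by `if (!meId) throw new Error('Unauthenticated')`, then use `meId` in both comparisons. Requiring `c.writable && c.readable` also rejects read-only collaborators, while the thrown message still says the user "is not owner or collaborator"; the resolver starts and ends outside the hunk, so whether this is a read or a write path cannot be told from here, and the message should name the missing permission either way. If it is a write path, note that `document.isPublic` skips the whole check, which is worth confirming as intended.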