From e93733039899f11e9b289f1afb4ead52d9189a4e Mon Sep 17 00:00:00 2001
From: Ly Tuan Kiet
Date: Mon, 2 Dec 2024 21:36:08 +0700
Subject: [PATCH] refactor: improve document access validation in DocumentSchema

- Enhanced authorization checks in DocumentSchema to ensure users must either be the document owner or a writable collaborator.
- Consolidated validation logic for better readability and maintainability, improving error handling for unauthorized access.
---
 src/Document/document.schema.ts | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/Document/document.schema.ts b/src/Document/document.schema.ts
index 478b8a4..b781d68 100644
--- a/src/Document/document.schema.ts
+++ b/src/Document/document.schema.ts
@@ -294,11 +294,12 @@ export class DocumentSchema extends PothosSchema {
 })
 if (!document) throw new Error('Document not found')
 if (
- !document.isPublic ||
- !document.collaborators.some((c) => c.userId === ctx.http?.me?.id && c.writable) ||
+ !document.isPublic &&
+ !document.collaborators.some((c) => c.userId === ctx.http?.me?.id && c.writable) &&
 document.ownerId !== ctx.http?.me?.id
- )
+ ) {
 throw new Error('User is not owner or collaborator of document')
+ }
 return await this.prisma.document.update({
 ...query,
 where: { id: args.documentId },
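Review bot: The `!document.isPublic &&` term in the new condition means the check never throws for a public document, so the `this.prisma.document.update` call below is reachable by a caller who is neither the owner nor a writable collaborator, which contradicts the rule stated in the commit message. Because `ctx.http?.me?.id` is optional-chained, a request with no authenticated user presumably reaches this point as well and would pass for any public document. On this write path I would drop the public term and reject a missing user id first: `const meId = ctx.http?.me?.id` followed by `if (!meId || (document.ownerId !== meId && !document.collaborators.some((c) => c.userId === meId && c.writable))) {`. The resolver starts and ends outside the hunk, so confirm whether an earlier auth guard already covers the unauthenticated case, and add a test that a non-collaborator cannot update a public document.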