EPESS/epess-web-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: improve document access validation in DocumentSchema

Browse Source 
- Enhanced authorization checks in DocumentSchema to ensure users must either be the document owner or a writable collaborator.
- Consolidated validation logic for better readability and maintainability, improving error handling for unauthorized access.
This commit is contained in:
Ly Tuan Kiet
2024-12-02 21:36:08 +07:00
parent 02bc5fe691
commit e937330398
1 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/Document/document.schema.ts
View File

@@ -294,11 +294,12 @@ export class DocumentSchema extends PothosSchema {
})
if (!document) throw new Error('Document not found')
if (
!document.isPublic ||
!document.collaborators.some((c) => c.userId === ctx.http?.me?.id && c.writable) ||
!document.isPublic &&
!document.collaborators.some((c) => c.userId === ctx.http?.me?.id && c.writable) &&
document.ownerId !== ctx.http?.me?.id
)
) {
throw new Error('User is not owner or collaborator of document')
}
return await this.prisma.document.update({
...query,
where: { id: args.documentId },