feat: add authorization on product update action during onboarding (#1009)
Co-authored-by: Matti Nannt <mail@matthiasnannt.com>
committed by
GitHub
parent
d05122d2fe
commit
52ea908709
@@ -7,6 +7,7 @@ import { TProductUpdateInput } from "@formbricks/types/v1/product";
|
||||
import { TProfileUpdateInput } from "@formbricks/types/v1/profile";
|
||||
import { getServerSession } from "next-auth";
|
||||
import { AuthorizationError } from "@formbricks/types/v1/errors";
|
||||
import { canUserAccessProduct } from "@formbricks/lib/product/auth";
|
||||
|
||||
export async function updateProfileAction(updatedProfile: Partial<TProfileUpdateInput>) {
|
||||
const session = await getServerSession(authOptions);
|
||||
@@ -16,5 +17,11 @@ export async function updateProfileAction(updatedProfile: Partial<TProfileUpdate
|
||||
}
|
||||
|
||||
export async function updateProductAction(productId: string, updatedProduct: Partial<TProductUpdateInput>) {
|
||||
const session = await getServerSession(authOptions);
|
||||
if (!session) throw new AuthorizationError("Not authorized");
|
||||
|
||||
const isAuthorized = await canUserAccessProduct(session.user.id, productId);
|
||||
if (!isAuthorized) throw new AuthorizationError("Not authorized");
|
||||
|
||||
return await updateProduct(productId, updatedProduct);
|
||||
}
|
||||
|
||||
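--- a/packages/lib/product/auth.ts
+++ b/packages/lib/product/auth.ts
@@ -0,0 +1,22 @@
+import { ZId } from "@formbricks/types/v1/environment";
+import { validateInputs } from "../utils/validate";
+import { getProduct, getProductCacheTag } from "./service";
+import { unstable_cache } from "next/cache";
+import { getTeamsByUserId } from "../team/service";
+
+export const canUserAccessProduct = async (userId: string, productId: string): Promise<boolean> =>
+await unstable_cache(
+async () => {
+validateInputs([userId, ZId], [productId, ZId]);
+
+if (!userId || !productId) return false;
+
+const product = await getProduct(productId);
+if (!product) return false;
+
+const teamIds = (await getTeamsByUserId(userId)).map((team) => team.id);
+return teamIds.includes(product.teamId);
+},
+[`users-${userId}-products-${productId}`],
+{ revalidate: 30 * 60, tags: [getProductCacheTag(productId)] }
+)(); // 30 minutes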
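Review bot: The allow/deny result of `canUserAccessProduct` is cached for 30 minutes under `users-${userId}-products-${productId}` with `tags: [getProductCacheTag(productId)]` as its only tag, so nothing visible here invalidates it when a user is removed from a team; a revoked member could keep passing the check in `updateProductAction` until the entry expires. The helper exported from the product service in this same commit is declared as `getProductCacheTag(environmentId)` and builds `environments-${environmentId}-product`, so passing a product id likely produces a tag that no revalidation ever targets. I would either evaluate the membership check uncached, leaving any caching to `getProduct` and `getTeamsByUserId` themselves, or tag the entry with something that is revalidated whenever team membership changes. The guard `if (!userId || !productId) return false;` comes after `validateInputs(...)` and is probably unreachable if validation throws on empty ids. A short comment above the callback, for example `// true only if the product's team is one of the user's teams; result is cached`, would make the cached-decision trade-off explicit.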
@@ -14,7 +14,7 @@ import { validateInputs } from "../utils/validate";
|
||||
import { createEnvironment, getEnvironmentCacheTag, getEnvironmentsCacheTag } from "../environment/service";
|
||||
|
||||
export const getProductsCacheTag = (teamId: string): string => `teams-${teamId}-products`;
|
||||
const getProductCacheTag = (environmentId: string): string => `environments-${environmentId}-product`;
|
||||
export const getProductCacheTag = (environmentId: string): string => `environments-${environmentId}-product`;
|
||||
const getProductCacheKey = (environmentId: string): string[] => [getProductCacheTag(environmentId)];
|
||||
|
||||
const selectProduct = {
|
||||
|
||||