feat: add authorization on product update action during onboarding (#1009)

Co-authored-by: Matti Nannt <mail@matthiasnannt.com>
Shubham Palriwala
2023-10-09 20:01:19 +05:30
committed by GitHub
parent d05122d2fe
commit 52ea908709
3 changed files with 30 additions and 1 deletions


@@ -7,6 +7,7 @@ import { TProductUpdateInput } from "@formbricks/types/v1/product";
import { TProfileUpdateInput } from "@formbricks/types/v1/profile";
import { getServerSession } from "next-auth";
import { AuthorizationError } from "@formbricks/types/v1/errors";
import { canUserAccessProduct } from "@formbricks/lib/product/auth";
export async function updateProfileAction(updatedProfile: Partial<TProfileUpdateInput>) {
const session = await getServerSession(authOptions);
@@ -16,5 +17,11 @@ export async function updateProfileAction(updatedProfile: Partial<TProfileUpdate
}
export async function updateProductAction(productId: string, updatedProduct: Partial<TProductUpdateInput>) {
const session = await getServerSession(authOptions);
if (!session) throw new AuthorizationError("Not authorized");
const isAuthorized = await canUserAccessProduct(session.user.id, productId);
if (!isAuthorized) throw new AuthorizationError("Not authorized");
return await updateProduct(productId, updatedProduct);
}
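Review bot: `updatedProduct` reaches `updateProduct` in `updateProductAction` typed only as `Partial<TProductUpdateInput>`, and that type is erased at runtime, so whatever object the client posts to this server action is passed through once the access check succeeds. Unless `updateProduct` validates its input itself (not visible in this hunk), parse the payload against the product update schema before the call, so that only fields meant to be editable can be written. A short doc comment would also help, e.g. `/** Updates a product; throws AuthorizationError when there is no session or the user's teams do not include the product's team. */`. `updateProfileAction` starts above this hunk, so its own checks cannot be judged from here.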


@@ -0,0 +1,22 @@
import { ZId } from "@formbricks/types/v1/environment";
import { validateInputs } from "../utils/validate";
import { getProduct, getProductCacheTag } from "./service";
import { unstable_cache } from "next/cache";
import { getTeamsByUserId } from "../team/service";
export const canUserAccessProduct = async (userId: string, productId: string): Promise<boolean> =>
await unstable_cache(
async () => {
validateInputs([userId, ZId], [productId, ZId]);
if (!userId || !productId) return false;
const product = await getProduct(productId);
if (!product) return false;
const teamIds = (await getTeamsByUserId(userId)).map((team) => team.id);
return teamIds.includes(product.teamId);
},
[`users-${userId}-products-${productId}`],
{ revalidate: 30 * 60, tags: [getProductCacheTag(productId)] }
)(); // 30 minutes
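Review bot: The access decision in `canUserAccessProduct` is cached for 30 minutes under a tag that nothing visible in this commit revalidates, so a user removed from the team can keep passing this check until the entry expires. `getProductCacheTag` is declared in the service file (third section of this commit) with an `environmentId` parameter and yields `environments-${environmentId}-product`, yet here it receives `productId`, so the tag presumably matches nothing the product service revalidates. I would run the check uncached and validate before any lookup, as sketched below; if caching is kept, the entry needs a tag that is revalidated on team-membership changes and a much shorter `revalidate`. The `if (!userId || !productId) return false;` guard looks unreachable if `validateInputs` throws on invalid ids (its body is not shown), so the sketch drops it.

```typescript
export const canUserAccessProduct = async (userId: string, productId: string): Promise<boolean> => {
  // Validate first so malformed ids never reach a lookup or a cache key.
  validateInputs([userId, ZId], [productId, ZId]);

  const product = await getProduct(productId);
  if (!product) return false;

  // Membership is read on every call, so a removed member loses access immediately.
  const teams = await getTeamsByUserId(userId);
  return teams.some((team) => team.id === product.teamId);
};
```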


@@ -14,7 +14,7 @@ import { validateInputs } from "../utils/validate";
import { createEnvironment, getEnvironmentCacheTag, getEnvironmentsCacheTag } from "../environment/service";
export const getProductsCacheTag = (teamId: string): string => `teams-${teamId}-products`;
const getProductCacheTag = (environmentId: string): string => `environments-${environmentId}-product`;
export const getProductCacheTag = (environmentId: string): string => `environments-${environmentId}-product`;
const getProductCacheKey = (environmentId: string): string[] => [getProductCacheTag(environmentId)];
const selectProduct = {