Files
formbricks/packages/lib/response/auth.ts
Shubham Palriwala c6678a2607 fix: add authorization for Survey actions (#870)
* poc: use server session and api key validation on deletion

* feat: use server session and api key validation on deletion and creation

* feat: packages/lib/apiKey for apiKey services and auth

* shubham/auth-for-api-key

* fix: caching

* feat: handle authorization for action creation, update, delete

* feat: handle authorization for survey creation, updation & deletion

* feat: use cached method across and wrapper for authzn check

* fix: use cached wrapper & introduce more authzn check for survey services in actions

* fix: club caching methods and use authzn errors

* feat: add caching in canUserAccessApiKey

* feat: add caching in canUserAccessAction and use Authzn error

* fix: rename action to actionClass wherever needed

* feat: use caching in core method and update hasEnvAccess call

* fix: use authzn specific error

* fix: use cache getActionClass

* fix: make changes

* fix: import

* fix: import and suggested changes

* fix: rename action and use cache tag

* feat: use services to create team

* fix: atomic services for product & team creation

* improve teamUpdateInput

* use services in signup process

* redirect to prod environment when new product is created

* fix signup bug

---------

Co-authored-by: Matthias Nannt <mail@matthiasnannt.com>
2023-10-03 21:43:34 +02:00

32 lines
1.1 KiB
TypeScript

import "server-only";
import { ZId } from "@formbricks/types/v1/environment";
import { unstable_cache } from "next/cache";
import { SERVICES_REVALIDATION_INTERVAL } from "../constants";
import { hasUserEnvironmentAccess } from "../environment/auth";
import { getSurvey } from "../survey/service";
import { validateInputs } from "../utils/validate";
import { getResponse, getResponseCacheTag } from "./service";
export const canUserAccessResponse = async (userId: string, responseId: string): Promise<boolean> =>
await unstable_cache(
async () => {
validateInputs([userId, ZId], [responseId, ZId]);
if (!userId) return false;
const response = await getResponse(responseId);
if (!response) return false;
const survey = await getSurvey(response.surveyId);
if (!survey) return false;
const hasAccessToEnvironment = await hasUserEnvironmentAccess(userId, survey.environmentId);
if (!hasAccessToEnvironment) return false;
return true;
},
[`users-${userId}-responses-${responseId}`],
{ revalidate: SERVICES_REVALIDATION_INTERVAL, tags: [getResponseCacheTag(responseId)] }
)();