4nk/lecoffre-back
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[bug] check that users can't see
All checks were successful
Test - Build & Deploy to Scaleway / build-and-push-images-lecoffre (push) Successful in 1m52s
Details
Test - Build & Deploy to Scaleway / deploy-back-lecoffre (push) Successful in 3s
Details
Test - Build & Deploy to Scaleway / deploy-cron-lecoffre (push) Successful in 2s
Details

Browse Source
This commit is contained in:
Sosthene 2025-07-30 19:07:18 +02:00
parent c33d4faacd
commit 71a2c33bf1
3 changed files with 16 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/app/api/admin/OfficeFoldersController.ts
View File

@ -63,8 +63,10 @@ export default class OfficeFoldersController extends ApiController {
} }
const userId: string = req.body.user.userId; const userId: string = req.body.user.userId;
const officeId: string = req.body.user.office_Id;
if (query.where?.stakeholders) delete query.where.stakeholders; if (query.where?.stakeholders) delete query.where.stakeholders;
const officeFoldersWhereInput: Prisma.OfficeFoldersWhereInput = { ...query.where, stakeholders: { some: { uid: userId } } }; if (query.where?.office_uid) delete query.where.office_uid;
const officeFoldersWhereInput: Prisma.OfficeFoldersWhereInput = { ...query.where, stakeholders: { some: { uid: userId } }, office_uid: officeId };
query.where = officeFoldersWhereInput; query.where = officeFoldersWhereInput;
//call service to get prisma entity //call service to get prisma entity

11
src/app/api/notary/OfficeFoldersController.ts
View File

@ -60,8 +60,10 @@ export default class OfficeFoldersController extends ApiController {
} }
const userId: string = req.body.user.userId; const userId: string = req.body.user.userId;
const officeId: string = req.body.user.office_Id;
if (query.where?.stakeholders) delete query.where.stakeholders; if (query.where?.stakeholders) delete query.where.stakeholders;
const officeFoldersWhereInput: Prisma.OfficeFoldersWhereInput = { ...query.where, stakeholders: { some: { uid: userId } } }; if (query.where?.office_uid) delete query.where.office_uid;
const officeFoldersWhereInput: Prisma.OfficeFoldersWhereInput = { ...query.where, stakeholders: { some: { uid: userId } }, office_uid: officeId };
query.where = officeFoldersWhereInput; query.where = officeFoldersWhereInput;
//call service to get prisma entity //call service to get prisma entity
@ -253,6 +255,7 @@ export default class OfficeFoldersController extends ApiController {
protected async getOneByUid(req: Request, response: Response) { protected async getOneByUid(req: Request, response: Response) {
try { try {
const uid = req.params["uid"]; const uid = req.params["uid"];
const officeId: string = req.body.user.office_Id;
if (!uid) { if (!uid) {
this.httpBadRequest(response, "No uid provided"); this.httpBadRequest(response, "No uid provided");
return; return;
@ -270,6 +273,12 @@ export default class OfficeFoldersController extends ApiController {
return; return;
} }
// Add office-level validation
if (officeFolderEntity.office_uid !== officeId) {
this.httpUnauthorized(response, "Not authorized to access this folder");
return;
}
//Hydrate ressource with prisma entity //Hydrate ressource with prisma entity
const officeFolder = OfficeFolder.hydrate<OfficeFolder>(officeFolderEntity); const officeFolder = OfficeFolder.hydrate<OfficeFolder>(officeFolderEntity);

4
src/app/api/super-admin/OfficeFoldersController.ts
View File

@ -61,8 +61,10 @@ export default class OfficeFoldersController extends ApiController {
} }
const userId: string = req.body.user.userId; const userId: string = req.body.user.userId;
const officeId: string = req.body.user.office_Id;
if (query.where?.stakeholders) delete query.where.stakeholders; if (query.where?.stakeholders) delete query.where.stakeholders;
const officeFoldersWhereInput: Prisma.OfficeFoldersWhereInput = { ...query.where, stakeholders: { some: { uid: userId } } }; if (query.where?.office_uid) delete query.where.office_uid;
const officeFoldersWhereInput: Prisma.OfficeFoldersWhereInput = { ...query.where, stakeholders: { some: { uid: userId } }, office_uid: officeId };
query.where = officeFoldersWhereInput; query.where = officeFoldersWhereInput;
//call service to get prisma entity //call service to get prisma entity