...
This commit is contained in:
@@ -1,12 +1,39 @@
|
||||
"use server";
|
||||
|
||||
import { auth } from "@/auth";
|
||||
import { headers } from "next/headers";
|
||||
import { ValidateError } from "@/lib/errors";
|
||||
import { ActionInputCreatePair, ActionInputUpdatePairById, ActionOutputGetFoldersWithTotalPairsByUserId, validateActionInputCreatePair, validateActionInputUpdatePairById } from "./folder-action-dto";
|
||||
import { repoCreateFolder, repoCreatePair, repoDeleteFolderById, repoDeletePairById, repoGetFoldersByUserId, repoGetFoldersWithTotalPairsByUserId, repoGetPairsByFolderId, repoGetUserIdByFolderId, repoRenameFolderById, repoUpdatePairById } from "./folder-repository";
|
||||
import { repoCreateFolder, repoCreatePair, repoDeleteFolderById, repoDeletePairById, repoGetFolderIdByPairId, repoGetFoldersByUserId, repoGetFoldersWithTotalPairsByUserId, repoGetPairsByFolderId, repoGetUserIdByFolderId, repoRenameFolderById, repoUpdatePairById } from "./folder-repository";
|
||||
import { validate } from "@/utils/validate";
|
||||
import z from "zod";
|
||||
import { LENGTH_MAX_FOLDER_NAME, LENGTH_MIN_FOLDER_NAME } from "@/shared/constant";
|
||||
|
||||
/**
|
||||
* Helper function to check if the current user is the owner of a folder
|
||||
*/
|
||||
async function checkFolderOwnership(folderId: number): Promise<boolean> {
|
||||
const session = await auth.api.getSession({ headers: await headers() });
|
||||
if (!session?.user?.id) return false;
|
||||
|
||||
const folderOwnerId = await repoGetUserIdByFolderId(folderId);
|
||||
return folderOwnerId === session.user.id;
|
||||
}
|
||||
|
||||
/**
|
||||
* Helper function to check if the current user is the owner of a pair's folder
|
||||
*/
|
||||
async function checkPairOwnership(pairId: number): Promise<boolean> {
|
||||
const session = await auth.api.getSession({ headers: await headers() });
|
||||
if (!session?.user?.id) return false;
|
||||
|
||||
const folderId = await repoGetFolderIdByPairId(pairId);
|
||||
if (!folderId) return false;
|
||||
|
||||
const folderOwnerId = await repoGetUserIdByFolderId(folderId);
|
||||
return folderOwnerId === session.user.id;
|
||||
}
|
||||
|
||||
export async function actionGetPairsByFolderId(folderId: number) {
|
||||
try {
|
||||
return {
|
||||
@@ -25,6 +52,15 @@ export async function actionGetPairsByFolderId(folderId: number) {
|
||||
|
||||
export async function actionUpdatePairById(id: number, dto: ActionInputUpdatePairById) {
|
||||
try {
|
||||
// Check ownership
|
||||
const isOwner = await checkPairOwnership(id);
|
||||
if (!isOwner) {
|
||||
return {
|
||||
success: false,
|
||||
message: 'You do not have permission to update this item.',
|
||||
};
|
||||
}
|
||||
|
||||
const validatedDto = validateActionInputUpdatePairById(dto);
|
||||
await repoUpdatePairById(id, validatedDto);
|
||||
return {
|
||||
@@ -58,6 +94,15 @@ export async function actionGetUserIdByFolderId(folderId: number) {
|
||||
|
||||
export async function actionDeleteFolderById(folderId: number) {
|
||||
try {
|
||||
// Check ownership
|
||||
const isOwner = await checkFolderOwnership(folderId);
|
||||
if (!isOwner) {
|
||||
return {
|
||||
success: false,
|
||||
message: 'You do not have permission to delete this folder.',
|
||||
};
|
||||
}
|
||||
|
||||
await repoDeleteFolderById(folderId);
|
||||
return {
|
||||
success: true,
|
||||
@@ -74,6 +119,15 @@ export async function actionDeleteFolderById(folderId: number) {
|
||||
|
||||
export async function actionDeletePairById(id: number) {
|
||||
try {
|
||||
// Check ownership
|
||||
const isOwner = await checkPairOwnership(id);
|
||||
if (!isOwner) {
|
||||
return {
|
||||
success: false,
|
||||
message: 'You do not have permission to delete this item.',
|
||||
};
|
||||
}
|
||||
|
||||
await repoDeletePairById(id);
|
||||
return {
|
||||
success: true,
|
||||
@@ -122,6 +176,15 @@ export async function actionGetFoldersByUserId(userId: string) {
|
||||
|
||||
export async function actionCreatePair(dto: ActionInputCreatePair) {
|
||||
try {
|
||||
// Check ownership
|
||||
const isOwner = await checkFolderOwnership(dto.folderId);
|
||||
if (!isOwner) {
|
||||
return {
|
||||
success: false,
|
||||
message: 'You do not have permission to add items to this folder.',
|
||||
};
|
||||
}
|
||||
|
||||
const validatedDto = validateActionInputCreatePair(dto);
|
||||
await repoCreatePair(validatedDto);
|
||||
return {
|
||||
@@ -175,6 +238,15 @@ export async function actionCreateFolder(userId: string, folderName: string) {
|
||||
|
||||
export async function actionRenameFolderById(id: number, newName: string) {
|
||||
try {
|
||||
// Check ownership
|
||||
const isOwner = await checkFolderOwnership(id);
|
||||
if (!isOwner) {
|
||||
return {
|
||||
success: false,
|
||||
message: 'You do not have permission to rename this folder.',
|
||||
};
|
||||
}
|
||||
|
||||
const validatedNewName = validate(
|
||||
newName,
|
||||
z.string()
|
||||
|
||||
@@ -122,3 +122,15 @@ export async function repoGetUserIdByFolderId(id: number) {
|
||||
});
|
||||
return folder?.userId;
|
||||
}
|
||||
|
||||
export async function repoGetFolderIdByPairId(pairId: number) {
|
||||
const pair = await prisma.pair.findUnique({
|
||||
where: {
|
||||
id: pairId,
|
||||
},
|
||||
select: {
|
||||
folderId: true,
|
||||
},
|
||||
});
|
||||
return pair?.folderId;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user