final touch

2024-02-14 08:10:45 -05:00
parent 41df9d0c82
commit 88d73703f8
6 changed files with 70 additions and 15 deletions
@@ -16,6 +16,10 @@ export default async function updateLinkById(
    };

  const collectionIsAccessible = await getPermission({ userId, linkId });
+  const targetCollectionIsAccessible = await getPermission({
+    userId,
+    collectionId: data.collection.id,
+  });

  const memberHasAccess = collectionIsAccessible?.members.some(
    (e: UsersAndCollections) => e.userId === userId && e.canUpdate
@@ -25,6 +29,28 @@ export default async function updateLinkById(
    collectionIsAccessible?.ownerId === data.collection.ownerId &&
    data.collection.ownerId === userId;

+  const targetCollectionsAccessible =
+    targetCollectionIsAccessible?.ownerId === userId;
+
+  const targetCollectionMatchesData = data.collection.id
+    ? data.collection.id === targetCollectionIsAccessible?.id
+    : true && data.collection.name
+      ? data.collection.name === targetCollectionIsAccessible?.name
+      : true && data.collection.ownerId
+        ? data.collection.ownerId === targetCollectionIsAccessible?.ownerId
+        : true;
+
+  if (!targetCollectionsAccessible)
+    return {
+      response: "Target collection is not accessible.",
+      status: 401,
+    };
+  else if (!targetCollectionMatchesData)
+    return {
+      response: "Target collection does not match the data.",
+      status: 401,
+    };
+
  const unauthorizedSwitchCollection =
    !isCollectionOwner && collectionIsAccessible?.id !== data.collection.id;