members with edit permission can now refresh preservation as well + bug fix

2024-09-12 15:30:15 -04:00
parent 8bb6e32bfa
commit aaf3590542
5 changed files with 58 additions and 36 deletions
@@ -2,8 +2,10 @@ import type { NextApiRequest, NextApiResponse } from "next";
 import { prisma } from "@/lib/api/db";
 import verifyUser from "@/lib/api/verifyUser";
 import isValidUrl from "@/lib/shared/isValidUrl";
-import { Collection, Link } from "@prisma/client";
-import { removeFiles } from "@/lib/api/manageLinkFiles";
+import { LinkIncludingShortenedCollectionAndTags } from "@/types/global";
+import { UsersAndCollections } from "@prisma/client";
+import getPermission from "@/lib/api/getPermission";
+import { moveFiles, removeFiles } from "@/lib/api/manageLinkFiles";

 const RE_ARCHIVE_LIMIT = Number(process.env.RE_ARCHIVE_LIMIT) || 5;

@@ -23,7 +25,16 @@ export default async function links(req: NextApiRequest, res: NextApiResponse) {
      response: "Link not found.",
    });

-  if (link.collection.ownerId !== user.id)
+  const collectionIsAccessible = await getPermission({
+    userId: user.id,
+    collectionId: link.collectionId,
+  });
+
+  const memberHasAccess = collectionIsAccessible?.members.some(
+    (e: UsersAndCollections) => e.userId === user.id && e.canUpdate
+  );
+
+  if (!(collectionIsAccessible?.ownerId === user.id || memberHasAccess))
    return res.status(401).json({
      response: "Permission denied.",
    });