| author | Dhravya <[email protected]> | 2024-07-01 21:04:31 -0500 |
|---|---|---|
| committer | Dhravya <[email protected]> | 2024-07-01 21:04:31 -0500 |
| commit | 39a62e783cffcdc996ecd2b592cc6ee58249b7f8 (patch) | |
| tree | 252c771a7d968655eb43d51c1df97f2e005bed07 /apps/web/app/(dash) | |
| parent | shareable spaces (diff) | |
fix access controls
Diffstat (limited to 'apps/web/app/(dash)')
| -rw-r--r-- | apps/web/app/(dash)/(memories)/space/[spaceid]/page.tsx | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/apps/web/app/(dash)/(memories)/space/[spaceid]/page.tsx b/apps/web/app/(dash)/(memories)/space/[spaceid]/page.tsx
index 759519cb..99999f8b 100644
--- a/apps/web/app/(dash)/(memories)/space/[spaceid]/page.tsx
+++ b/apps/web/app/(dash)/(memories)/space/[spaceid]/page.tsx
@@ -4,15 +4,23 @@ import MemoriesPage from "../../content";
 import { db } from "@/server/db";
 import { and, eq } from "drizzle-orm";
 import { spacesAccess } from "@/server/db/schema";
+import { auth } from "@/server/auth";
 async function Page({ params: { spaceid } }: { params: { spaceid: number } }) {
- const { success, data } = await getMemoriesInsideSpace(spaceid);
- if (!success ?? !data) return redirect("/home");
+ const user = await auth();
 const hasAccess = await db.query.spacesAccess.findMany({
- where: and(eq(spacesAccess.spaceId, spaceid)),
+ where: and(
+ eq(spacesAccess.spaceId, spaceid),
+ eq(spacesAccess.userEmail, user?.user!.email!),
+ ),
 });
+ if (!hasAccess) return redirect("/home");
+
+ const { success, data } = await getMemoriesInsideSpace(spaceid);
+ if (!success ?? !data) return redirect("/home");
+
 return (
 <MemoriesPage
 memoriesAndSpaces={{ memories: data.memories, spaces: [] }}
|
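Review bot: The new guard `if (!hasAccess) return redirect("/home");` can never fire, because drizzle's `findMany` resolves to an array and an empty array is still truthy, so a signed-in user with no `spacesAccess` row for this space still reaches `getMemoriesInsideSpace(spaceid)`; test the result instead, `if (hasAccess.length === 0) return redirect("/home");`. The `user?.user!.email!` assertions also hide the unauthenticated case from the type checker, so the session should be checked before the query, e.g. `if (!user?.user?.email) return redirect("/home");`. In the moved line `if (!success ?? !data)`, `!success` is never nullish, so `!data` is never evaluated; `||` looks like what was meant. Page's body continues past the end of the hunk, so whether `data` is otherwise guarded before `data.memories` is not visible here.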