diff options
| -rw-r--r-- | apps/web/app/(dash)/(memories)/space/[spaceid]/page.tsx | 14 | ||||
| -rw-r--r-- | apps/web/app/actions/fetchers.ts | 60 |
2 files changed, 49 insertions, 25 deletions
diff --git a/apps/web/app/(dash)/(memories)/space/[spaceid]/page.tsx b/apps/web/app/(dash)/(memories)/space/[spaceid]/page.tsx index 759519cb..99999f8b 100644 --- a/apps/web/app/(dash)/(memories)/space/[spaceid]/page.tsx +++ b/apps/web/app/(dash)/(memories)/space/[spaceid]/page.tsx @@ -4,15 +4,23 @@ import MemoriesPage from "../../content"; import { db } from "@/server/db"; import { and, eq } from "drizzle-orm"; import { spacesAccess } from "@/server/db/schema"; +import { auth } from "@/server/auth"; async function Page({ params: { spaceid } }: { params: { spaceid: number } }) { - const { success, data } = await getMemoriesInsideSpace(spaceid); - if (!success ?? !data) return redirect("/home"); + const user = await auth(); const hasAccess = await db.query.spacesAccess.findMany({ - where: and(eq(spacesAccess.spaceId, spaceid)), + where: and( + eq(spacesAccess.spaceId, spaceid), + eq(spacesAccess.userEmail, user?.user!.email!), + ), }); + if (!hasAccess) return redirect("/home"); + + const { success, data } = await getMemoriesInsideSpace(spaceid); + if (!success ?? !data) return redirect("/home"); + return ( <MemoriesPage memoriesAndSpaces={{ memories: data.memories, spaces: [] }} diff --git a/apps/web/app/actions/fetchers.ts b/apps/web/app/actions/fetchers.ts index 1541e4ee..f21a942d 100644 --- a/apps/web/app/actions/fetchers.ts +++ b/apps/web/app/actions/fetchers.ts @@ -1,6 +1,6 @@ "use server"; -import { and, asc, eq, inArray, not, or, sql } from "drizzle-orm"; +import { and, asc, eq, exists, inArray, not, or, sql } from "drizzle-orm"; import { db } from "../../server/db"; import { canvas, @@ -82,46 +82,62 @@ export const getMemoriesInsideSpace = async ( ): ServerActionReturnType<{ memories: Content[]; spaces: StoredSpace[] }> => { const data = await auth(); - if (!data || !data.user) { - redirect("/signin"); + if (!data || !data.user || !data.user.email) { return { error: "Not authenticated", success: false }; } - const memories = await db + const spaces = await db .select() - .from(storedContent) + .from(space) .where( and( - inArray( - storedContent.id, - db - .select({ contentId: contentToSpace.contentId }) - .from(contentToSpace) - .where(eq(contentToSpace.spaceId, spaceId)), - ), + eq(space.id, spaceId), or( - eq(storedContent.userId, data.user.id!), - eq( + eq(space.user, data.user.id!), + exists( db - .select({ userId: spacesAccess.userEmail }) + .select() .from(spacesAccess) - .where(eq(spacesAccess.spaceId, spaceId)), - data.user.email, + .where( + and( + eq(spacesAccess.spaceId, space.id), + eq(spacesAccess.userEmail, data.user.email), + ), + ), ), ), ), ) - .execute(); + .limit(1); - const queriedSpace = await db.query.space.findFirst({ - where: and(eq(users, data.user.id), eq(space.id, spaceId)), - }); + const memories = await db + .select({ + id: storedContent.id, + content: storedContent.content, + title: storedContent.title, + description: storedContent.description, + url: storedContent.url, + savedAt: storedContent.savedAt, + baseUrl: storedContent.baseUrl, + ogImage: storedContent.ogImage, + type: storedContent.type, + image: storedContent.image, + userId: storedContent.userId, + noteId: storedContent.noteId, + }) + .from(storedContent) + .innerJoin(contentToSpace, eq(storedContent.id, contentToSpace.contentId)) + .where(eq(contentToSpace.spaceId, spaceId)); + + if (spaces.length === 0) { + return { error: "Not authorized", success: false }; + } return { success: true, data: { memories: memories, - spaces: queriedSpace ? [queriedSpace] : [], + spaces: spaces, }, }; }; |