[questions][feat] add user check for update, del

3 years ago · e0db02e953
parent 502513ce72
commit e0db02e953
1 changed files with 22 additions and 8 deletions
--- a/apps/portal/src/server/router/questions-question-router.ts
+++ b/apps/portal/src/server/router/questions-question-router.ts
@ -106,14 +106,14 @@ export const questionsQuestionsRouter = createProtectedRouter()
          id: input.id,
        },});

-        if (questionToUpdate?.id !== userId) {
-          throw new TRPCError({
-            code: 'UNAUTHORIZED',
-            message: 'User have no authorization to record.',
-            // Optional: pass the original error to retain stack trace
+      if (questionToUpdate?.id !== userId) {
+        throw new TRPCError({
+          code: 'UNAUTHORIZED',
+          message: 'User have no authorization to record.',
+          // Optional: pass the original error to retain stack trace
        });
-        }
-      // TODO: Check if session user owns this Question.
+      }
+
      return await ctx.prisma.questionsQuestion.update({
        data: {
          ...input,
@ -130,7 +130,21 @@ export const questionsQuestionsRouter = createProtectedRouter()
      id: z.string(),
    }),
    async resolve({ ctx, input }) {
-      // TODO: Check if session user owns this Todo.
+      const userId = ctx.session?.user?.id;
+
+      const questionToUpdate = await ctx.prisma.questionsQuestion.findUnique({
+        where: {
+          id: input.id,
+        },});
+
+      if (questionToUpdate?.id !== userId) {
+        throw new TRPCError({
+          code: 'UNAUTHORIZED',
+          message: 'User have no authorization to record.',
+          // Optional: pass the original error to retain stack trace
+        });
+      }
+
      return await ctx.prisma.questionsQuestion.delete({
        where: {
          id: input.id,