fix: delete dataroom groups

2025-12-20 01:03:24 +08:00 · 2025-12-09 17:53:10 +01:00
parent 3acd9773f1
commit b81cf62f39
3 changed files with 32 additions and 20 deletions
--- a/pages/api/teams/[teamId]/datarooms/[id]/groups/[groupId]/index.ts
+++ b/pages/api/teams/[teamId]/datarooms/[id]/groups/[groupId]/index.ts
@@ -31,21 +31,16 @@ export default async function handle(
    const userId = (session.user as CustomUser).id;

    try {
-      const team = await prisma.team.findUnique({
+      const teamAccess = await prisma.userTeam.findUnique({
        where: {
-          id: teamId,
-          users: {
-            some: {
-              userId: (session.user as CustomUser).id,
-            },
+          userId_teamId: {
+            userId: userId,
+            teamId: teamId,
          },
        },
-        select: {
-          id: true,
-        },
      });

-      if (!team) {
+      if (!teamAccess) {
        return res.status(403).end("Unauthorized to access this team");
      }

@@ -109,19 +104,16 @@ export default async function handle(
    const userId = (session.user as CustomUser).id;

    try {
-      const team = await prisma.team.findFirst({
+      const teamAccess = await prisma.userTeam.findUnique({
        where: {
-          id: teamId,
-          users: {
-            some: {
-              userId: userId,
-            },
+          userId_teamId: {
+            userId: userId,
+            teamId: teamId,
          },
        },
      });
-
-      if (!team) {
-        return res.status(401).end("Unauthorized");
+      if (!teamAccess) {
+        return res.status(403).end("Unauthorized to access this team");
      }

      const group = await prisma.viewerGroup.update({
@@ -172,6 +164,19 @@ export default async function handle(
    const userId = (session.user as CustomUser).id;

    try {
+      const teamAccess = await prisma.userTeam.findUnique({
+        where: {
+          userId_teamId: {
+            userId: userId,
+            teamId: teamId,
+          },
+        },
+      });
+
+      if (!teamAccess) {
+        return res.status(401).end("Unauthorized");
+      }
+
      // delete links associated with the group
      await prisma.link.deleteMany({
        where: {
@@ -185,6 +190,7 @@ export default async function handle(
        where: {
          id: groupId,
          dataroomId: dataroomId,
+          teamId: teamId,
        },
      });

--- a/prisma/migrations/20251209000000_update_view_model/migration.sql
+++ b/prisma/migrations/20251209000000_update_view_model/migration.sql
@@ -0,0 +1,6 @@
+-- DropForeignKey
+ALTER TABLE "View" DROP CONSTRAINT "View_linkId_fkey";
+
+-- AddForeignKey
+ALTER TABLE "View" ADD CONSTRAINT "View_linkId_fkey" FOREIGN KEY ("linkId") REFERENCES "Link"("id") ON DELETE CASCADE ON UPDATE CASCADE;
+
--- a/prisma/schema/schema.prisma
+++ b/prisma/schema/schema.prisma
@@ -112,7 +112,7 @@ model Domain {

 model View {
  id                  String               @id @default(cuid())
-  link                Link                 @relation(fields: [linkId], references: [id])
+  link                Link                 @relation(fields: [linkId], references: [id], onDelete: Cascade)
  linkId              String
  document            Document?            @relation(fields: [documentId], references: [id], onDelete: Cascade)
  documentId          String?