fix: filters and auth

2025-12-20 01:03:24 +08:00 · 2025-12-08 22:19:54 +01:00
parent ee47989d75
commit f32c79879e
2 changed files with 26 additions and 16 deletions
--- a/app/(ee)/api/ai/store/teams/[teamId]/documents/[documentId]/route.ts
+++ b/app/(ee)/api/ai/store/teams/[teamId]/documents/[documentId]/route.ts
@@ -54,7 +54,7 @@ export async function POST(

    // Get document and version
    const document = await prisma.document.findUnique({
-      where: { id: documentId },
+      where: { id: documentId, teamId },
      include: {
        team: {
          select: {
@@ -186,10 +186,10 @@ export async function POST(
 */
 export async function DELETE(
  req: NextRequest,
-  { params }: { params: { documentId: string } },
+  { params }: { params: { documentId: string; teamId: string } },
 ) {
  try {
-    const { documentId } = params;
+    const { documentId, teamId } = params;
    const session = await getServerSession(authOptions);

    if (!session) {
@@ -198,20 +198,36 @@ export async function DELETE(

    const userId = (session.user as CustomUser).id;

+    // Verify user is member of team
+    const userTeam = await prisma.userTeam.findUnique({
+      where: {
+        userId_teamId: {
+          userId,
+          teamId,
+        },
+      },
+    });
+
+    if (!userTeam) {
+      return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+    }
+
    // Get document and verify user access
    const document = await prisma.document.findUnique({
-      where: { id: documentId },
+      where: { id: documentId, teamId },
      include: {
        team: {
-          include: {
-            users: {
-              where: { userId },
-            },
+          select: {
+            vectorStoreId: true,
          },
        },
        versions: {
          where: { isPrimary: true },
          take: 1,
+          select: {
+            id: true,
+            vectorStoreFileId: true,
+          },
        },
      },
    });
@@ -223,10 +239,6 @@ export async function DELETE(
      );
    }

-    if (document.team.users.length === 0) {
-      return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
-    }
-
    // Check if AI feature is enabled for this team
    const features = await getFeatureFlags({ teamId: document.teamId });
    if (!features.ai) {
--- a/ee/features/ai/lib/chat/send-message.ts
+++ b/ee/features/ai/lib/chat/send-message.ts
@@ -63,9 +63,7 @@ If you cannot find the answer in the documents, say so clearly.`,
      key: "documentId",
      value: filterDocumentId,
    };
-  }
-
-  if (filteredDataroomDocumentIds) {
+  } else if (filteredDataroomDocumentIds) {
    fileSearchOptions.filters = {
      type: "in",
      key: "dataroomDocumentId",
@@ -73,7 +71,7 @@ If you cannot find the answer in the documents, say so clearly.`,
    };
  }

-  const latestMessage = history.at(-1);
+  const latestMessage = history.at(0);
  const previousResponseId =
    (latestMessage?.metadata as { responseId?: string } | null)?.responseId ??
    null;