fix: visibility

2025-11-13 00:03:33 +10:00 · 2025-06-13 01:02:40 +10:00
parent 12fe045195
commit 031a7b9e36
1 changed files with 40 additions and 41 deletions
--- a/packages/lib/server-only/document/get-document-by-id.ts
+++ b/packages/lib/server-only/document/get-document-by-id.ts
@ -1,5 +1,5 @@
 import type { Prisma } from '@prisma/client';
-import { TeamMemberRole } from '@prisma/client';
+import { DocumentStatus, TeamMemberRole } from '@prisma/client';
 import { match } from 'ts-pattern';

 import { prisma } from '@documenso/prisma';
@ -83,10 +83,46 @@ export const getDocumentWhereInput = async ({
 }: GetDocumentWhereInputOptions) => {
  const team = await getTeamById({ teamId, userId });

+  const user = await prisma.user.findFirstOrThrow({
+    where: {
+      id: userId,
+    },
+  });
+
+  const teamVisibilityFilters = match(team.currentTeamRole)
+    .with(TeamMemberRole.ADMIN, () => [
+      DocumentVisibility.EVERYONE,
+      DocumentVisibility.MANAGER_AND_ABOVE,
+      DocumentVisibility.ADMIN,
+    ])
+    .with(TeamMemberRole.MANAGER, () => [
+      DocumentVisibility.EVERYONE,
+      DocumentVisibility.MANAGER_AND_ABOVE,
+    ])
+    .otherwise(() => [DocumentVisibility.EVERYONE]);
+
  const documentOrInput: Prisma.DocumentWhereInput[] = [
+    // Allow access if they own the document.
    {
-      userId: userId,
-      teamId: team.id,
+      userId,
+    },
+    // Or, if they belong to the team that the document is associated with.
+    {
+      visibility: {
+        in: teamVisibilityFilters,
+      },
+      teamId,
+    },
+    // Or, if they are a recipient of the document.
+    {
+      status: {
+        not: DocumentStatus.DRAFT,
+      },
+      recipients: {
+        some: {
+          email: user.email,
+        },
+      },
    },
  ];

@ -113,45 +149,8 @@ export const getDocumentWhereInput = async ({
    OR: documentOrInput,
  };

-  const user = await prisma.user.findFirstOrThrow({
-    where: {
-      id: userId,
-    },
-  });
-
-  const visibilityFilters = [
-    ...match(team.currentTeamRole)
-      .with(TeamMemberRole.ADMIN, () => [
-        { visibility: DocumentVisibility.EVERYONE },
-        { visibility: DocumentVisibility.MANAGER_AND_ABOVE },
-        { visibility: DocumentVisibility.ADMIN },
-      ])
-      .with(TeamMemberRole.MANAGER, () => [
-        { visibility: DocumentVisibility.EVERYONE },
-        { visibility: DocumentVisibility.MANAGER_AND_ABOVE },
-      ])
-      .otherwise(() => [{ visibility: DocumentVisibility.EVERYONE }]),
-    {
-      OR: [
-        {
-          recipients: {
-            some: {
-              email: user.email,
-            },
-          },
-        },
-        {
-          userId: user.id,
-        },
-      ],
-    },
-  ];
-
  return {
-    documentWhereInput: {
-      ...documentWhereInput,
-      // OR: [...visibilityFilters],
-    },
+    documentWhereInput,
    team,
  };
 };