♻️ 🧹 upsert reciient, deleteRecipient, send

2025-11-18 10:42:01 +10:00 · 2023-03-01 15:41:43 +01:00
parent 891f032468
commit 10b81bc757
8 changed files with 119 additions and 106 deletions
--- a/apps/web/pages/api/documents/[id]/fields/index.ts
+++ b/apps/web/pages/api/documents/[id]/fields/index.ts
@ -25,7 +25,7 @@ async function getHandler(req: NextApiRequest, res: NextApiResponse) {
    return;
  }

-  // todo encapsulate entity ownerships checks
+  // todo entity ownerships checks

  const fields = await prisma.field.findMany({
    where: { documentId: +documentId },
@ -57,7 +57,7 @@ async function postHandler(req: NextApiRequest, res: NextApiResponse) {

  const document: PrismaDocument = await getDocument(+documentId, req, res);

-  // todo encapsulate entity ownerships checks
+  // todo entity ownerships checks
  if (document.userId !== user.id) {
    return res.status(401).send("User does not have access to this document.");
  }
--- a/apps/web/pages/api/documents/[id]/recipients/index.ts
+++ b/apps/web/pages/api/documents/[id]/recipients/index.ts
@ -23,7 +23,7 @@ async function postHandler(req: NextApiRequest, res: NextApiResponse) {

  const document: PrismaDocument = await getDocument(+documentId, req, res);

-  // todo encapsulate entity ownerships checks
+  // todo entity ownerships checks
  if (document.userId !== user.id) {
    return res.status(401).send("User does not have access to this document.");
  }