fix: wip

2025-11-20 19:51:32 +10:00 · 2025-05-07 15:03:20 +10:00
parent 419bc02171
commit 7abfc9e271
390 changed files with 21254 additions and 12607 deletions
--- a/packages/lib/server-only/document/update-document.ts
+++ b/packages/lib/server-only/document/update-document.ts
@ -12,10 +12,11 @@ import { prisma } from '@documenso/prisma';
 import { AppError, AppErrorCode } from '../../errors/app-error';
 import type { TDocumentAccessAuthTypes, TDocumentActionAuthTypes } from '../../types/document-auth';
 import { createDocumentAuthOptions, extractDocumentAuthMethods } from '../../utils/document-auth';
+import { getDocumentWhereInput } from './get-document-by-id';

 export type UpdateDocumentOptions = {
  userId: number;
-  teamId?: number;
+  teamId: number;
  documentId: number;
  data?: {
    title?: string;
@ -34,39 +35,14 @@ export const updateDocument = async ({
  data,
  requestMetadata,
 }: UpdateDocumentOptions) => {
+  const { documentWhereInput, team } = await getDocumentWhereInput({
+    documentId,
+    userId,
+    teamId,
+  });
+
  const document = await prisma.document.findFirst({
-    where: {
-      id: documentId,
-      ...(teamId
-        ? {
-            team: {
-              id: teamId,
-              members: {
-                some: {
-                  userId,
-                },
-              },
-            },
-          }
-        : {
-            userId,
-            teamId: null,
-          }),
-    },
-    include: {
-      team: {
-        select: {
-          members: {
-            where: {
-              userId,
-            },
-            select: {
-              role: true,
-            },
-          },
-        },
-      },
-    },
+    where: documentWhereInput,
  });

  if (!document) {
@ -75,45 +51,42 @@ export const updateDocument = async ({
    });
  }

-  if (teamId) {
-    const currentUserRole = document.team?.members[0]?.role;
-    const isDocumentOwner = document.userId === userId;
-    const requestedVisibility = data?.visibility;
+  const isDocumentOwner = document.userId === userId;
+  const requestedVisibility = data?.visibility;

-    if (!isDocumentOwner) {
-      match(currentUserRole)
-        .with(TeamMemberRole.ADMIN, () => true)
-        .with(TeamMemberRole.MANAGER, () => {
-          const allowedVisibilities: DocumentVisibility[] = [
-            DocumentVisibility.EVERYONE,
-            DocumentVisibility.MANAGER_AND_ABOVE,
-          ];
+  if (!isDocumentOwner) {
+    match(team.currentTeamRole)
+      .with(TeamMemberRole.ADMIN, () => true)
+      .with(TeamMemberRole.MANAGER, () => {
+        const allowedVisibilities: DocumentVisibility[] = [
+          DocumentVisibility.EVERYONE,
+          DocumentVisibility.MANAGER_AND_ABOVE,
+        ];

-          if (
-            !allowedVisibilities.includes(document.visibility) ||
-            (requestedVisibility && !allowedVisibilities.includes(requestedVisibility))
-          ) {
-            throw new AppError(AppErrorCode.UNAUTHORIZED, {
-              message: 'You do not have permission to update the document visibility',
-            });
-          }
-        })
-        .with(TeamMemberRole.MEMBER, () => {
-          if (
-            document.visibility !== DocumentVisibility.EVERYONE ||
-            (requestedVisibility && requestedVisibility !== DocumentVisibility.EVERYONE)
-          ) {
-            throw new AppError(AppErrorCode.UNAUTHORIZED, {
-              message: 'You do not have permission to update the document visibility',
-            });
-          }
-        })
-        .otherwise(() => {
+        if (
+          !allowedVisibilities.includes(document.visibility) ||
+          (requestedVisibility && !allowedVisibilities.includes(requestedVisibility))
+        ) {
          throw new AppError(AppErrorCode.UNAUTHORIZED, {
-            message: 'You do not have permission to update the document',
+            message: 'You do not have permission to update the document visibility',
          });
+        }
+      })
+      .with(TeamMemberRole.MEMBER, () => {
+        if (
+          document.visibility !== DocumentVisibility.EVERYONE ||
+          (requestedVisibility && requestedVisibility !== DocumentVisibility.EVERYONE)
+        ) {
+          throw new AppError(AppErrorCode.UNAUTHORIZED, {
+            message: 'You do not have permission to update the document visibility',
+          });
+        }
+      })
+      .otherwise(() => {
+        throw new AppError(AppErrorCode.UNAUTHORIZED, {
+          message: 'You do not have permission to update the document',
        });
-    }
+      });
  }

  // If no data just return the document since this function is normally chained after a meta update.