From de317694150619bdccff43437b873da062f13e13 Mon Sep 17 00:00:00 2001
From: Ephraim Atta-Duncan <ephraimduncan68@gmail.com>
Date: Mon, 20 Jan 2025 03:42:52 +0000
Subject: [PATCH] fix: create audit log router

---
 .../trpc/server/document-router/router.ts     | 37 ++++++++++---------
 .../trpc/server/document-router/schema.ts     | 12 ++++++
 2 files changed, 31 insertions(+), 18 deletions(-)

diff --git a/packages/trpc/server/document-router/router.ts b/packages/trpc/server/document-router/router.ts
index da60a6daf..e6d2fcb80 100644
--- a/packages/trpc/server/document-router/router.ts
+++ b/packages/trpc/server/document-router/router.ts
@@ -31,6 +31,7 @@ import { DocumentDataType, DocumentStatus } from '@documenso/prisma/client';
 
 import { authenticatedProcedure, procedure, router } from '../trpc';
 import {
+  ZCreateAuditLogMutationSchema,
   ZCreateDocumentRequestSchema,
   ZCreateDocumentV2RequestSchema,
   ZCreateDocumentV2ResponseSchema,
@@ -629,27 +630,29 @@ export const documentRouter = router({
       };
     }),
 
+  /**
+   * @private
+   */
   createAuditLog: authenticatedProcedure
-    .input(
-      z.object({
-        documentId: z.number(),
-        type: z.literal('DOCUMENT_SIGNING_LINK_COPIED'),
-        data: z.object({
-          recipientEmail: z.string(),
-          recipientName: z.string(),
-          recipientId: z.number(),
-          recipientRole: z.string(),
-          isBulkCopy: z.boolean(),
-        }),
-      }),
-    )
+    .input(ZCreateAuditLogMutationSchema)
     .mutation(async ({ input, ctx }) => {
+      const { teamId } = ctx;
       const { documentId, type, data } = input;
 
-      console.log('input', input);
-      console.log('copiedddd');
+      const document = await getDocumentById({
+        documentId,
+        userId: ctx.user.id,
+        teamId,
+      }).catch(() => null);
 
-      const auditLog = await prisma.documentAuditLog.create({
+      if (!document || (teamId && document.teamId !== teamId)) {
+        throw new TRPCError({
+          code: 'FORBIDDEN',
+          message: 'You do not have access to this document.',
+        });
+      }
+
+      return await prisma.documentAuditLog.create({
         data: createDocumentAuditLogData({
           type,
           data,
@@ -658,7 +661,5 @@ export const documentRouter = router({
           metadata: ctx.metadata,
         }),
       });
-
-      return auditLog;
     }),
 });
diff --git a/packages/trpc/server/document-router/schema.ts b/packages/trpc/server/document-router/schema.ts
index c9b3b4d3c..8af2cf0e0 100644
--- a/packages/trpc/server/document-router/schema.ts
+++ b/packages/trpc/server/document-router/schema.ts
@@ -326,6 +326,18 @@ export const ZDownloadCertificateMutationSchema = z.object({
   documentId: z.number(),
 });
 
+export const ZCreateAuditLogMutationSchema = z.object({
+  documentId: z.number(),
+  type: z.literal('DOCUMENT_SIGNING_LINK_COPIED'),
+  data: z.object({
+    recipientEmail: z.string(),
+    recipientName: z.string(),
+    recipientId: z.number(),
+    recipientRole: z.string(),
+    isBulkCopy: z.boolean(),
+  }),
+});
+
 export const ZMoveDocumentToTeamSchema = z.object({
   documentId: z.number().describe('The ID of the document to move to a team.'),
   teamId: z.number().describe('The ID of the team to move the document to.'),