
security fixes
CarinaWolli committed Oct 14, 2022
1 parent f99bee1 commit d397120
Showing 1 changed file with 8 additions and 7 deletions.
15 changes: 8 additions & 7 deletions packages/trpc/server/routers/viewer/workflows.tsx
Expand Up @@ -249,7 +249,12 @@ export const workflowsRouter = createProtectedRouter()
},
});

if (!userWorkflow || userWorkflow.userId !== user.id) throw new TRPCError({ code: "UNAUTHORIZED" });
if (
!userWorkflow ||
userWorkflow.userId !== user.id ||
steps.filter((step) => step.workflowId != id).length > 0
)
throw new TRPCError({ code: "UNAUTHORIZED" });

const oldActiveOnEventTypes = await ctx.prisma.workflowsOnEventTypes.findMany({
where: {
Expand Down Expand Up @@ -290,7 +295,7 @@ export const workflowsRouter = createProtectedRouter()
if (
newEventType &&
newEventType.userId !== user.id &&
newEventType?.team?.members.filter((membership) => membership.userId === user.id).length === 0
!newEventType?.team?.members.filter((membership) => membership.userId === user.id).length
) {
throw new TRPCError({ code: "UNAUTHORIZED" });
}
Expand Down Expand Up @@ -644,11 +649,7 @@ export const workflowsRouter = createProtectedRouter()
const addedSteps = steps.map((s) => {
if (s.id <= 0) {
const { id: stepId, ...stepToAdd } = s;
if (stepToAdd.workflowId === id) {
return stepToAdd;
} else {
throw new TRPCError({ code: "UNAUTHORIZED" });
}
return stepToAdd;
}
});

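Review bot: The new guard `steps.filter((step) => step.workflowId != id).length > 0` in the first hunk only compares the `workflowId` the caller sent with the `id` the caller sent, so it shows the payload is self-consistent, not that each `step.id` is actually stored under this workflow. If the update further down (outside the visible hunks) writes existing steps keyed on `step.id` alone, a step that belongs to a different workflow would still pass this check; the ids of steps with `id > 0` should be compared with the steps loaded for `userWorkflow`, or the write should be scoped by both the step id and `workflowId`. Separately, `steps.some((step) => step.workflowId !== id)` states the same condition with strict comparison and without building an intermediate array. The enclosing mutation starts and ends outside the hunk, so the write path could not be checked from here.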
