diff --git a/components/CollectionListing.tsx b/components/CollectionListing.tsx index c067611..eb43386 100644 --- a/components/CollectionListing.tsx +++ b/components/CollectionListing.tsx @@ -69,8 +69,6 @@ const CollectionListing = () => { existingCollectionIds.includes(id) ); - console.log(existingCollectionIds); - // Add new collections that are not in account.collectionOrder and meet the specific conditions collections.forEach((collection) => { if ( @@ -226,10 +224,11 @@ const renderItem = ( return (
{Icon(item as ExtendedTreeItem, onExpand, onCollapse)}
diff --git a/lib/api/controllers/links/linkId/updateLinkById.ts b/lib/api/controllers/links/linkId/updateLinkById.ts
index 62b2945..e6f7f0d 100644
--- a/lib/api/controllers/links/linkId/updateLinkById.ts
+++ b/lib/api/controllers/links/linkId/updateLinkById.ts
@@ -16,44 +16,11 @@ export default async function updateLinkById(
 };
 
 const collectionIsAccessible = await getPermission({ userId, linkId });
- const targetCollectionIsAccessible = await getPermission({
- userId,
- collectionId: data.collection.id,
- });
-
- const memberHasAccess = collectionIsAccessible?.members.some(
- (e: UsersAndCollections) => e.userId === userId && e.canUpdate
- );
 
 const isCollectionOwner =
 collectionIsAccessible?.ownerId === data.collection.ownerId &&
 data.collection.ownerId === userId;
 
- const targetCollectionsAccessible =
- targetCollectionIsAccessible?.ownerId === userId;
-
- const targetCollectionMatchesData = data.collection.id
- ? data.collection.id === targetCollectionIsAccessible?.id
- : true && data.collection.name
- ? data.collection.name === targetCollectionIsAccessible?.name
- : true && data.collection.ownerId
- ? data.collection.ownerId === targetCollectionIsAccessible?.ownerId
- : true;
-
- if (!targetCollectionsAccessible)
- return {
- response: "Target collection is not accessible.",
- status: 401,
- };
- else if (!targetCollectionMatchesData)
- return {
- response: "Target collection does not match the data.",
- status: 401,
- };
-
- const unauthorizedSwitchCollection =
- !isCollectionOwner && collectionIsAccessible?.id !== data.collection.id;
-
 const canPinPermission = collectionIsAccessible?.members.some(
 (e: UsersAndCollections) => e.userId === userId
 );
@@ -84,6 +51,40 @@ export default async function updateLinkById(
 return { response: updatedLink, status: 200 };
 }
 
+ const targetCollectionIsAccessible = await getPermission({
+ userId,
+ collectionId: data.collection.id,
+ });
+
+ const memberHasAccess = collectionIsAccessible?.members.some(
+ (e: UsersAndCollections) => e.userId === userId && e.canUpdate
+ );
+
+ const targetCollectionsAccessible =
+ targetCollectionIsAccessible?.ownerId === userId;
+
+ const targetCollectionMatchesData = data.collection.id
+ ? data.collection.id === targetCollectionIsAccessible?.id
+ : true && data.collection.name
+ ? data.collection.name === targetCollectionIsAccessible?.name
+ : true && data.collection.ownerId
+ ? data.collection.ownerId === targetCollectionIsAccessible?.ownerId
+ : true;
+
+ if (!targetCollectionsAccessible)
+ return {
+ response: "Target collection is not accessible.",
+ status: 401,
+ };
+ else if (!targetCollectionMatchesData)
+ return {
+ response: "Target collection does not match the data.",
+ status: 401,
+ };
+
+ const unauthorizedSwitchCollection =
+ !isCollectionOwner && collectionIsAccessible?.id !== data.collection.id;
+
 // Makes sure collection members (non-owners) cannot move a link to/from a collection.
 if (unauthorizedSwitchCollection)
 return {
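Review bot: `targetCollectionMatchesData` does not validate what its name suggests: `&&` binds tighter than `?:`, so the chain parses as `id ? idMatches : (name ? nameMatches : (ownerId ? ownerMatches : true))`, and whenever `data.collection.id` is set the client-supplied `name` and `ownerId` are never compared with the stored collection. Because the target is looked up with `collectionId: data.collection.id`, the id comparison then appears to be always true once the ownership check has passed; if all three fields are meant to be checked, a conjunction of per-field guards (below) says so directly. Separately, these authorization checks now run after the early `return { response: updatedLink, status: 200 }` branch, which lies outside this hunk, so that branch should be confirmed to write nothing taken from `data.collection`. `updateLinkById` starts and ends outside the hunk.

```typescript
// … unchanged: getPermission lookup, memberHasAccess, targetCollectionsAccessible …
const targetCollectionMatchesData =
  (!data.collection.id ||
    data.collection.id === targetCollectionIsAccessible?.id) &&
  (!data.collection.name ||
    data.collection.name === targetCollectionIsAccessible?.name) &&
  (!data.collection.ownerId ||
    data.collection.ownerId === targetCollectionIsAccessible?.ownerId);
// … unchanged: 401 returns, unauthorizedSwitchCollection …
```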