From aaf359054202f1fe7da9381a8caa7560ff0cc95f Mon Sep 17 00:00:00 2001
From: daniel31x13 <daniel31x13@gmail.com>
Date: Thu, 12 Sep 2024 15:30:15 -0400
Subject: [PATCH] members with edit permission can now refresh preservation as
 well + bug fix

---
 components/LinkDetails.tsx                    |  2 +-
 .../LinkViews/LinkComponents/LinkActions.tsx  | 31 ++++++++++---------
 components/ModalContent/LinkModal.tsx         | 31 ++++++++++---------
 .../links/linkId/updateLinkById.ts            | 13 ++++++--
 pages/api/v1/links/[id]/archive/index.ts      | 17 ++++++++--
 5 files changed, 58 insertions(+), 36 deletions(-)

diff --git a/components/LinkDetails.tsx b/components/LinkDetails.tsx
index d83d711..e745055 100644
--- a/components/LinkDetails.tsx
+++ b/components/LinkDetails.tsx
@@ -440,7 +440,7 @@ export default function LinkDetails({
 
             {mode === "view" ? (
               <div className="flex gap-2 flex-wrap rounded-md p-2 bg-base-200 border border-base-200 w-full text-xs">
-                {link.tags[0] ? (
+                {link.tags && link.tags[0] ? (
                   link.tags.map((tag) =>
                     isPublicRoute ? (
                       <div
diff --git a/components/LinkViews/LinkComponents/LinkActions.tsx b/components/LinkViews/LinkComponents/LinkActions.tsx
index fab7ffb..e444f18 100644
--- a/components/LinkViews/LinkComponents/LinkActions.tsx
+++ b/components/LinkViews/LinkComponents/LinkActions.tsx
@@ -127,21 +127,22 @@ export default function LinkActions({ link, btnStyle }: Props) {
                 </div>
               </li>
             )}
-            {link.type === "url" && permissions === true && (
-              <li>
-                <div
-                  role="button"
-                  tabIndex={0}
-                  onClick={() => {
-                    (document?.activeElement as HTMLElement)?.blur();
-                    updateArchive();
-                  }}
-                  className="whitespace-nowrap"
-                >
-                  {t("refresh_preserved_formats")}
-                </div>
-              </li>
-            )}
+            {link.type === "url" &&
+              (permissions === true || permissions?.canUpdate) && (
+                <li>
+                  <div
+                    role="button"
+                    tabIndex={0}
+                    onClick={() => {
+                      (document?.activeElement as HTMLElement)?.blur();
+                      updateArchive();
+                    }}
+                    className="whitespace-nowrap"
+                  >
+                    {t("refresh_preserved_formats")}
+                  </div>
+                </li>
+              )}
             {(permissions === true || permissions?.canDelete) && (
               <li>
                 <div
diff --git a/components/ModalContent/LinkModal.tsx b/components/ModalContent/LinkModal.tsx
index 1b66690..41b742e 100644
--- a/components/ModalContent/LinkModal.tsx
+++ b/components/ModalContent/LinkModal.tsx
@@ -108,21 +108,22 @@ export default function LinkModal({
                   </div>
                 </li>
               }
-              {link.type === "url" && permissions === true && (
-                <li>
-                  <div
-                    role="button"
-                    tabIndex={0}
-                    onClick={() => {
-                      (document?.activeElement as HTMLElement)?.blur();
-                      onUpdateArchive();
-                    }}
-                    className="whitespace-nowrap"
-                  >
-                    {t("refresh_preserved_formats")}
-                  </div>
-                </li>
-              )}
+              {link.type === "url" &&
+                (permissions === true || permissions?.canUpdate) && (
+                  <li>
+                    <div
+                      role="button"
+                      tabIndex={0}
+                      onClick={() => {
+                        (document?.activeElement as HTMLElement)?.blur();
+                        onUpdateArchive();
+                      }}
+                      className="whitespace-nowrap"
+                    >
+                      {t("refresh_preserved_formats")}
+                    </div>
+                  </li>
+                )}
               {(permissions === true || permissions?.canDelete) && (
                 <li>
                   <div
diff --git a/lib/api/controllers/links/linkId/updateLinkById.ts b/lib/api/controllers/links/linkId/updateLinkById.ts
index 587c2b2..f5d53f2 100644
--- a/lib/api/controllers/links/linkId/updateLinkById.ts
+++ b/lib/api/controllers/links/linkId/updateLinkById.ts
@@ -96,9 +96,18 @@ export default async function updateLinkById(
       },
     });
 
-    if (oldLink && oldLink?.url !== data.url) {
+    if (
+      data.url &&
+      oldLink &&
+      oldLink?.url !== data.url &&
+      isValidUrl(data.url)
+    ) {
       await removeFiles(oldLink.id, oldLink.collectionId);
-    }
+    } else
+      return {
+        response: "Invalid URL.",
+        status: 401,
+      };
 
     const updatedLink = await prisma.link.update({
       where: {
diff --git a/pages/api/v1/links/[id]/archive/index.ts b/pages/api/v1/links/[id]/archive/index.ts
index 72583ae..4953935 100644
--- a/pages/api/v1/links/[id]/archive/index.ts
+++ b/pages/api/v1/links/[id]/archive/index.ts
@@ -2,8 +2,10 @@ import type { NextApiRequest, NextApiResponse } from "next";
 import { prisma } from "@/lib/api/db";
 import verifyUser from "@/lib/api/verifyUser";
 import isValidUrl from "@/lib/shared/isValidUrl";
-import { Collection, Link } from "@prisma/client";
-import { removeFiles } from "@/lib/api/manageLinkFiles";
+import { LinkIncludingShortenedCollectionAndTags } from "@/types/global";
+import { UsersAndCollections } from "@prisma/client";
+import getPermission from "@/lib/api/getPermission";
+import { moveFiles, removeFiles } from "@/lib/api/manageLinkFiles";
 
 const RE_ARCHIVE_LIMIT = Number(process.env.RE_ARCHIVE_LIMIT) || 5;
 
@@ -23,7 +25,16 @@ export default async function links(req: NextApiRequest, res: NextApiResponse) {
       response: "Link not found.",
     });
 
-  if (link.collection.ownerId !== user.id)
+  const collectionIsAccessible = await getPermission({
+    userId: user.id,
+    collectionId: link.collectionId,
+  });
+
+  const memberHasAccess = collectionIsAccessible?.members.some(
+    (e: UsersAndCollections) => e.userId === user.id && e.canUpdate
+  );
+
+  if (!(collectionIsAccessible?.ownerId === user.id || memberHasAccess))
     return res.status(401).json({
       response: "Permission denied.",
     });