xwx.moe/el.xwx.moe
xwx.moe/ el.xwx.moe
1
0
Disbranĉigi 0
Fontkodo Issues Tirpetoj Actions Packages Projects Eldonoj Wiki Activity

minor improvements

This commit is contained in:
daniel31x13 2024-02-07 09:48:40 -05:00
parent 2d0093172a
commit daed2d82f4
2 changed files with 37 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
components/LinkViews/LinkComponents/LinkActions.tsx
View File

@ -67,7 +67,8 @@ export default function LinkActions({
return ( return (
<> <>
<div <div
className={`dropdown dropdown-left dropdown-end absolute ${position || "top-3 right-3" className={`dropdown dropdown-left dropdown-end absolute ${
position || "top-3 right-3"
} z-20`} } z-20`}
> >
<div <div
@ -79,7 +80,6 @@ export default function LinkActions({
<i title="More" className="bi-three-dots text-xl" /> <i title="More" className="bi-three-dots text-xl" />
</div> </div>
<ul className="dropdown-content z-[20] menu shadow bg-base-200 border border-neutral-content rounded-box w-44 mr-1 translate-y-10"> <ul className="dropdown-content z-[20] menu shadow bg-base-200 border border-neutral-content rounded-box w-44 mr-1 translate-y-10">
{permissions ? (
<li> <li>
<div <div
role="button" role="button"
@ -94,7 +94,6 @@ export default function LinkActions({
: "Pin to Dashboard"} : "Pin to Dashboard"}
</div> </div>
</li> </li>
) : undefined}
{linkInfo !== undefined && toggleShowInfo ? ( {linkInfo !== undefined && toggleShowInfo ? (
<li> <li>
<div <div

24
lib/api/controllers/links/linkId/updateLinkById.ts
View File

@ -21,10 +21,6 @@ export default async function updateLinkById(
(e: UsersAndCollections) => e.userId === userId && e.canUpdate (e: UsersAndCollections) => e.userId === userId && e.canUpdate
); );
const canCreatePermission = collectionIsAccessible?.members.some(
(e: UsersAndCollections) => e.userId === userId && e.canCreate
);
const isCollectionOwner = const isCollectionOwner =
collectionIsAccessible?.ownerId === data.collection.ownerId && collectionIsAccessible?.ownerId === data.collection.ownerId &&
data.collection.ownerId === userId; data.collection.ownerId === userId;
@ -32,21 +28,19 @@ export default async function updateLinkById(
const unauthorizedSwitchCollection = const unauthorizedSwitchCollection =
!isCollectionOwner && collectionIsAccessible?.id !== data.collection.id; !isCollectionOwner && collectionIsAccessible?.id !== data.collection.id;
// Makes sure collection members (non-owners) cannot move a link to/from a collection. const canPinPermission = collectionIsAccessible?.members.some(
if (unauthorizedSwitchCollection) (e: UsersAndCollections) => e.userId === userId
return { );
response: "You can't move a link to/from a collection you don't own.",
status: 401,
};
// If the user is able to create a link, they can pin it to their dashboard only. // If the user is able to create a link, they can pin it to their dashboard only.
if (canCreatePermission) { if (canPinPermission) {
const updatedLink = await prisma.link.update({ const updatedLink = await prisma.link.update({
where: { where: {
id: linkId, id: linkId,
}, },
data: { data: {
pinnedBy: data?.pinnedBy && data.pinnedBy[0] pinnedBy:
data?.pinnedBy && data.pinnedBy[0]
? { connect: { id: userId } } ? { connect: { id: userId } }
: { disconnect: { id: userId } }, : { disconnect: { id: userId } },
}, },
@ -64,6 +58,12 @@ export default async function updateLinkById(
return { response: updatedLink, status: 200 }; return { response: updatedLink, status: 200 };
} }
// Makes sure collection members (non-owners) cannot move a link to/from a collection.
if (unauthorizedSwitchCollection)
return {
response: "You can't move a link to/from a collection you don't own.",
status: 401,
};
else if (collectionIsAccessible?.ownerId !== userId && !memberHasAccess) else if (collectionIsAccessible?.ownerId !== userId && !memberHasAccess)
return { return {
response: "Collection is not accessible.", response: "Collection is not accessible.",