Skip to content

Commit b939d1e

Browse files
msukkarimsukkari
committed
enforce permitted user check even when no where clause
1 parent 0bd5453 commit b939d1e

File tree

1 file changed

+20
-20
lines changed

1 file changed

+20
-20
lines changed

packages/web/src/prisma.ts

Lines changed: 20 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -27,27 +27,27 @@ export const userScopedPrismaClientExtension = (userId?: string) => {
2727
query: {
2828
...(env.EXPERIMENT_EE_PERMISSION_SYNC_ENABLED === 'true' && hasEntitlement('permission-syncing') ? {
2929
repo: {
30-
$allOperations({ args, query }) {
31-
if ('where' in args) {
32-
args.where = {
33-
...args.where,
34-
OR: [
35-
// Only include repos that are permitted to the user
36-
...(userId ? [
37-
{
38-
permittedUsers: {
39-
some: {
40-
userId,
41-
}
42-
}
43-
},
44-
] : []),
45-
// or are public.
30+
async $allOperations({ args, query }) {
31+
// eslint-disable-next-line @typescript-eslint/no-explicit-any
32+
const argsWithWhere = args as any;
33+
argsWithWhere.where = {
34+
...(argsWithWhere.where || {}),
35+
OR: [
36+
// Only include repos that are permitted to the user
37+
...(userId ? [
4638
{
47-
isPublic: true,
48-
}
49-
]
50-
}
39+
permittedUsers: {
40+
some: {
41+
userId,
42+
}
43+
}
44+
},
45+
] : []),
46+
// or are public.
47+
{
48+
isPublic: true,
49+
}
50+
]
5151
}
5252

5353
return query(args);

0 commit comments

Comments
 (0)