apunkt/SurfSense
1
0
Fork 0
mirror of https://github.com/MODSetter/SurfSense.git synced 2026-06-28 21:49:40 +02:00
Code Issues Projects Releases Packages Wiki Activity

fix(zero):scope content workspace queries

Browse source
This commit is contained in:
Anish Sarkar 2026-06-23 13:01:21 +05:30
parent 737d63f3dc
commit be95f65c6b
3 changed files with 20 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

9
surfsense_web/zero/queries/folders.ts
View file

@ -1,9 +1,12 @@
import { defineQuery } from "@rocicorp/zero"; import { defineQuery } from "@rocicorp/zero";
import { z } from "zod"; import { z } from "zod";
import { zql } from "../schema/index"; import { zql } from "../schema/index";
import { canReadSpace, constrainToAllowedSpaces, denySpace } from "./authz";
export const folderQueries = { export const folderQueries = {
bySpace: defineQuery(z.object({ searchSpaceId: z.number() }), ({ args: { searchSpaceId } }) => bySpace: defineQuery(z.object({ searchSpaceId: z.number() }), ({ args: { searchSpaceId }, ctx }) => {
zql.folders.where("searchSpaceId", searchSpaceId).orderBy("position", "asc") const query = zql.folders.where("searchSpaceId", searchSpaceId);
), if (!canReadSpace(ctx, searchSpaceId)) return denySpace(query).orderBy("position", "asc");
return constrainToAllowedSpaces(query, ctx).orderBy("position", "asc");
}),
}; };

9
surfsense_web/zero/queries/inbox.ts
View file

@ -3,7 +3,10 @@ import { z } from "zod";
import { zql } from "../schema/index"; import { zql } from "../schema/index";
export const notificationQueries = { export const notificationQueries = {
byUser: defineQuery(z.object({ userId: z.string() }), ({ args: { userId } }) => byUser: defineQuery(z.object({ userId: z.string() }), ({ args: { userId }, ctx }) => {
zql.notifications.where("userId", userId).orderBy("createdAt", "desc") if (!ctx?.userId || userId !== ctx.userId) {
), return zql.notifications.where("userId", "__none__").orderBy("createdAt", "desc");
}
return zql.notifications.where("userId", ctx.userId).orderBy("createdAt", "desc");
}),
}; };

13
surfsense_web/zero/queries/podcasts.ts
View file

@ -1,12 +1,15 @@
import { defineQuery } from "@rocicorp/zero"; import { defineQuery } from "@rocicorp/zero";
import { z } from "zod"; import { z } from "zod";
import { zql } from "../schema/index"; import { zql } from "../schema/index";
import { canReadSpace, constrainToAllowedSpaces, denySpace } from "./authz";
export const podcastQueries = { export const podcastQueries = {
bySpace: defineQuery(z.object({ searchSpaceId: z.number() }), ({ args: { searchSpaceId } }) => bySpace: defineQuery(z.object({ searchSpaceId: z.number() }), ({ args: { searchSpaceId }, ctx }) => {
zql.podcasts.where("searchSpaceId", searchSpaceId).orderBy("createdAt", "desc") const query = zql.podcasts.where("searchSpaceId", searchSpaceId);
), if (!canReadSpace(ctx, searchSpaceId)) return denySpace(query).orderBy("createdAt", "desc");
byId: defineQuery(z.object({ podcastId: z.number() }), ({ args: { podcastId } }) => return constrainToAllowedSpaces(query, ctx).orderBy("createdAt", "desc");
zql.podcasts.where("id", podcastId).one() }),
byId: defineQuery(z.object({ podcastId: z.number() }), ({ args: { podcastId }, ctx }) =>
constrainToAllowedSpaces(zql.podcasts.where("id", podcastId), ctx).one()
), ),
}; };