kovakmedya/isletmem-kovakcrm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: filter teams by app — getUserTeams and setActiveTenant now reject cross-app teams

Browse Source
This commit is contained in:
kovakmedya
2026-05-06 22:31:57 +03:00
parent b06bba1901
commit f81b7bf139
2 changed files with 33 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/lib/appwrite/tenant-actions.ts
+15 -5
View File
@@ -2,7 +2,7 @@
import { cookies } from "next/headers"; import { cookies } from "next/headers";
import { redirect } from "next/navigation"; import { redirect } from "next/navigation";
import { AppwriteException, ID, Permission, Role } from "node-appwrite"; import { AppwriteException, ID, Permission, Role, Query } from "node-appwrite";
import { createAdminClient, createSessionClient } from "./server"; import { createAdminClient, createSessionClient } from "./server";
import { DATABASE_ID, TABLES } from "./schema"; import { DATABASE_ID, TABLES } from "./schema";
@@ -91,12 +91,22 @@ export async function createWorkspaceAction(
export async function setActiveTenantAction(tenantId: string) { export async function setActiveTenantAction(tenantId: string) {
try { try {
const { account } = await createSessionClient(); const { account, teams, tablesDB } = await createSessionClient();
const user = await account.get(); const user = await account.get();
const teams = await (await createSessionClient()).teams.list(); const allTeams = await teams.list();
const owns = teams.teams.some((t) => t.$id === tenantId); const isMember = allTeams.teams.some((t) => t.$id === tenantId);
if (!owns) { if (!isMember) {
return { ok: false, error: "Bu çalışma alanına erişiminiz yok." };
}
// Verify this team belongs to this app (not a team from another KovakSoft product)
const settingsCheck = await tablesDB.listRows({
databaseId: DATABASE_ID,
tableId: TABLES.tenantSettings,
queries: [Query.equal("tenantId", tenantId), Query.limit(1)],
});
if (settingsCheck.total === 0) {
return { ok: false, error: "Bu çalışma alanına erişiminiz yok." }; return { ok: false, error: "Bu çalışma alanına erişiminiz yok." };
} }
src/lib/appwrite/tenant.ts
+18 -2
View File
@@ -1,14 +1,30 @@
import "server-only"; import "server-only";
import { cookies } from "next/headers"; import { cookies } from "next/headers";
import { Query } from "node-appwrite";
import { createSessionClient } from "./server"; import { createSessionClient } from "./server";
import { ACTIVE_TENANT_COOKIE } from "./tenant-types"; import { ACTIVE_TENANT_COOKIE } from "./tenant-types";
import { DATABASE_ID, TABLES } from "./schema";
export async function getUserTeams() { export async function getUserTeams() {
try { try {
const { teams } = await createSessionClient(); const { teams, tablesDB } = await createSessionClient();
return await teams.list(); const allTeams = await teams.list();
if (allTeams.teams.length === 0) return allTeams;
// Filter to only teams that belong to this app (have a tenant_settings row in this database)
const teamIds = allTeams.teams.map((t) => t.$id);
const settings = await tablesDB.listRows({
databaseId: DATABASE_ID,
tableId: TABLES.tenantSettings,
queries: [Query.equal("tenantId", teamIds), Query.limit(100)],
});
const validIds = new Set(settings.rows.map((r) => r.tenantId as string));
const filtered = allTeams.teams.filter((t) => validIds.has(t.$id));
return { ...allTeams, teams: filtered, total: filtered.length };
} catch { } catch {
return null; return null;
} }