From 9f462c2f1f0898a3e2e98bc0233dcabcaf5545fa Mon Sep 17 00:00:00 2001
From: egecankomur
Date: Wed, 6 May 2026 22:31:58 +0300
Subject: [PATCH] =?UTF-8?q?fix:=20filter=20teams=20by=20app=20=E2=80=94=20?=
 =?UTF-8?q?getUserTeams=20and=20setActiveTenant=20now=20reject=20cross-app?=
 =?UTF-8?q?=20teams?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/lib/appwrite/tenant-actions.ts | 20 +++++++++++++++-----
 src/lib/appwrite/tenant.ts | 20 ++++++++++++++++++--
 2 files changed, 33 insertions(+), 7 deletions(-)
diff --git a/src/lib/appwrite/tenant-actions.ts b/src/lib/appwrite/tenant-actions.ts
index 70288eb..9a7f776 100644
--- a/src/lib/appwrite/tenant-actions.ts
+++ b/src/lib/appwrite/tenant-actions.ts
@@ -2,7 +2,7 @@
 import { cookies } from "next/headers";
 import { redirect } from "next/navigation";
-import { AppwriteException, ID, Permission, Role } from "node-appwrite";
+import { AppwriteException, ID, Permission, Role, Query } from "node-appwrite";
 import { createAdminClient, createSessionClient } from "./server";
 import { DATABASE_ID, TABLES } from "./schema";
@@ -88,12 +88,22 @@ export async function createWorkspaceAction(
 export async function setActiveTenantAction(tenantId: string) {
   try {
-    const { account } = await createSessionClient();
+    const { account, teams, tablesDB } = await createSessionClient();
     const user = await account.get();
-    const teams = await (await createSessionClient()).teams.list();
-    const owns = teams.teams.some((t) => t.$id === tenantId);
-    if (!owns) {
+    const allTeams = await teams.list();
+    const isMember = allTeams.teams.some((t) => t.$id === tenantId);
+    if (!isMember) {
+      return { ok: false, error: "Bu çalışma alanına erişiminiz yok." };
+    }
+
+    // Verify this team belongs to this app (not a team from another KovakSoft product)
+    const settingsCheck = await tablesDB.listRows({
+      databaseId: DATABASE_ID,
+      tableId: TABLES.tenantSettings,
+      queries: [Query.equal("tenantId", tenantId), Query.limit(1)],
+    });
+    if (settingsCheck.total === 0) {
       return { ok: false, error: "Bu çalışma alanına erişiminiz yok." };
     }
diff --git a/src/lib/appwrite/tenant.ts b/src/lib/appwrite/tenant.ts
index 0dbd90e..adb7227 100644
--- a/src/lib/appwrite/tenant.ts
+++ b/src/lib/appwrite/tenant.ts
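Review bot: The new cross-app check in setActiveTenantAction proves app ownership only by the existence of a tenant_settings row whose `tenantId` matches, so its strength is exactly the write policy on that table: any principal that can insert a row with an arbitrary `tenantId` would make a foreign team pass, and that dependency is not stated anywhere in the hunk. The lookup also goes through the session client, so a legitimate member whose session cannot read the settings row is rejected with the same message as a non-member; reusing the message avoids leaking existence, but the comment should say the check is permission-dependent. I would extend the added comment to `// App membership is proven by a readable tenant_settings row for this tenantId; this holds only while row creation stays restricted to the workspace-creation path.` (the creation path is presumably createWorkspaceAction, which is not shown). The rest of setActiveTenantAction, including the `user` read on line 91 and whatever consumes it, continues outside the hunk.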
@@ -1,14 +1,30 @@
 import "server-only";
 import { cookies } from "next/headers";
+import { Query } from "node-appwrite";
 import { createSessionClient } from "./server";
 import { ACTIVE_TENANT_COOKIE } from "./tenant-types";
+import { DATABASE_ID, TABLES } from "./schema";
 export async function getUserTeams() {
   try {
-    const { teams } = await createSessionClient();
-    return await teams.list();
+    const { teams, tablesDB } = await createSessionClient();
+    const allTeams = await teams.list();
+
+    if (allTeams.teams.length === 0) return allTeams;
+
+    // Filter to only teams that belong to this app (have a tenant_settings row in this database)
+    const teamIds = allTeams.teams.map((t) => t.$id);
+    const settings = await tablesDB.listRows({
+      databaseId: DATABASE_ID,
+      tableId: TABLES.tenantSettings,
+      queries: [Query.equal("tenantId", teamIds), Query.limit(100)],
+    });
+    const validIds = new Set(settings.rows.map((r) => r.tenantId as string));
+
+    const filtered = allTeams.teams.filter((t) => validIds.has(t.$id));
+    return { ...allTeams, teams: filtered, total: filtered.length };
   } catch {
     return null;
   }
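Review bot: `Query.limit(100)` in the listRows call of getUserTeams is a silent cap with a fail-closed effect: if the settings query matches more rows than one page returns (several rows per tenant, or more tenants than the page holds), the surplus teams are filtered out as if they were cross-app, with no error. That is the safe direction, but the assumption that one page covers every id in `teamIds` should be recorded, e.g. `// teamIds is bounded by the page size of teams.list(); one page of settings rows must cover all of them, otherwise legitimate teams are dropped` — and if several settings rows per tenant are possible, the limit should scale with `teamIds.length` or the query should select on `tenantId` only. Two smaller points: `r.tenantId as string` is an unchecked assertion on data read from the table, and `total: filtered.length` now reports the filtered page count rather than the server's total, which any caller paginating on `total` needs to know.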