From af4a357709d6222a628eb246aea5cc2670e6d30b Mon Sep 17 00:00:00 2001 From: Madhura68 Date: Sun, 26 Apr 2026 17:15:26 +0200 Subject: [PATCH] fix: product backlog page accessible to members, not only owners Replaced owner-only query (user_id = session.userId) with getAccessibleProduct which also accepts product members. Co-Authored-By: Claude Sonnet 4.6 --- app/(app)/products/[id]/page.tsx | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/app/(app)/products/[id]/page.tsx b/app/(app)/products/[id]/page.tsx index ecb1507..b41c25e 100644 --- a/app/(app)/products/[id]/page.tsx +++ b/app/(app)/products/[id]/page.tsx @@ -1,7 +1,6 @@ -import { notFound } from 'next/navigation' -import { cookies } from 'next/headers' -import { getIronSession } from 'iron-session' -import { SessionData, sessionOptions } from '@/lib/session' +import { notFound, redirect } from 'next/navigation' +import { getSession } from '@/lib/auth' +import { getAccessibleProduct } from '@/lib/product-access' import { prisma } from '@/lib/prisma' import { SplitPane } from '@/components/split-pane/split-pane' import { PbiList } from '@/components/backlog/pbi-list' @@ -16,11 +15,10 @@ interface Props { export default async function ProductBacklogPage({ params }: Props) { const { id } = await params - const session = await getIronSession(await cookies(), sessionOptions) + const session = await getSession() + if (!session.userId) redirect('/login') - const product = await prisma.product.findFirst({ - where: { id, user_id: session.userId }, - }) + const product = await getAccessibleProduct(id, session.userId) if (!product) notFound() const activeSprint = await prisma.sprint.findFirst({