janpeter/Scrum4Me
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: product backlog page accessible to members, not only owners

Browse source 
Replaced owner-only query (user_id = session.userId) with
getAccessibleProduct which also accepts product members.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Janpeter Visser 2026-04-26 17:15:26 +02:00
parent 928328b380
commit af4a357709
1 changed files with 6 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

14
app/(app)/products/[id]/page.tsx
View file

@ -1,7 +1,6 @@
import { notFound } from 'next/navigation'
import { cookies } from 'next/headers'
import { getIronSession } from 'iron-session'
import { SessionData, sessionOptions } from '@/lib/session'
import { notFound, redirect } from 'next/navigation'
import { getSession } from '@/lib/auth'
import { getAccessibleProduct } from '@/lib/product-access'
import { prisma } from '@/lib/prisma'
import { SplitPane } from '@/components/split-pane/split-pane'
import { PbiList } from '@/components/backlog/pbi-list'
@ -16,11 +15,10 @@ interface Props {
export default async function ProductBacklogPage({ params }: Props) {
const { id } = await params
const session = await getIronSession<SessionData>(await cookies(), sessionOptions)
const session = await getSession()
if (!session.userId) redirect('/login')
const product = await prisma.product.findFirst({
where: { id, user_id: session.userId },
})
const product = await getAccessibleProduct(id, session.userId)
if (!product) notFound()
const activeSprint = await prisma.sprint.findFirst({