From d27c55c7fc1fd7e74baaa13829429a5f1bbe80ec Mon Sep 17 00:00:00 2001
From: Madhura68 <janpetervisser2@gmail.com>
Date: Sun, 26 Apr 2026 17:25:10 +0200
Subject: [PATCH] fix: sprint board accessible to product members, not only
 owners

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 app/(app)/products/[id]/sprint/page.tsx | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/app/(app)/products/[id]/sprint/page.tsx b/app/(app)/products/[id]/sprint/page.tsx
index bff7432..16885c5 100644
--- a/app/(app)/products/[id]/sprint/page.tsx
+++ b/app/(app)/products/[id]/sprint/page.tsx
@@ -1,7 +1,6 @@
 import { notFound, redirect } from 'next/navigation'
-import { cookies } from 'next/headers'
-import { getIronSession } from 'iron-session'
-import { SessionData, sessionOptions } from '@/lib/session'
+import { getSession } from '@/lib/auth'
+import { getAccessibleProduct } from '@/lib/product-access'
 import { prisma } from '@/lib/prisma'
 import { SprintBoardClient } from '@/components/sprint/sprint-board-client'
 import { SprintHeader } from '@/components/sprint/sprint-header'
@@ -15,11 +14,10 @@ interface Props {
 
 export default async function SprintBoardPage({ params }: Props) {
   const { id } = await params
-  const session = await getIronSession<SessionData>(await cookies(), sessionOptions)
+  const session = await getSession()
+  if (!session.userId) redirect('/login')
 
-  const product = await prisma.product.findFirst({
-    where: { id, user_id: session.userId },
-  })
+  const product = await getAccessibleProduct(id, session.userId)
   if (!product) notFound()
 
   const sprint = await prisma.sprint.findFirst({