Fix scoped access checks

2026-04-25 14:36:55 +02:00 · 2026-04-25 14:36:55 +02:00 · e0efb65efb
commit e0efb65efb
parent d90a8fd560
7 changed files with 84 additions and 19 deletions
--- a/app/api/products/route.ts
+++ b/app/api/products/route.ts
@ -1,5 +1,6 @@
 import { authenticateApiRequest } from '@/lib/api-auth'
 import { prisma } from '@/lib/prisma'
+import { productAccessFilter } from '@/lib/product-access'

 export async function GET(request: Request) {
  const auth = await authenticateApiRequest(request)
@ -8,7 +9,7 @@ export async function GET(request: Request) {
  }

  const products = await prisma.product.findMany({
-    where: { user_id: auth.userId, archived: false },
+    where: { archived: false, ...productAccessFilter(auth.userId) },
    orderBy: { created_at: 'desc' },
    select: { id: true, name: true, repo_url: true },
  })