25 replies

Where to check if user is owner

Hello,

I have and app with three entities User, Deck and Card, and now for any operation on card/deck I need to check if user is owner of that deck

I'm doing it like this:

export const isUserDeckOwner = async (
  deckId: string,
  userId: string,
  prisma: PrismaClient
) => {
  const deck = await prisma.deck.findFirst({
    where: {
      id: deckId,
    },
  });

  if (deck?.userId != userId) {
    throw new TRPCError({
      code: "FORBIDDEN",
      message: "You don't have permission to access this deck",
    });
  }
};

export const isUserDeckOwner = async (
  deckId: string,
  userId: string,
  prisma: PrismaClient
) => {
  const deck = await prisma.deck.findFirst({
    where: {
      id: deckId,
    },
  });

  if (deck?.userId != userId) {
    throw new TRPCError({
      code: "FORBIDDEN",
      message: "You don't have permission to access this deck",
    });
  }
};

But I need to call this in each router method, now I wonder could I create a procedure for this? And if answer is yes how could I pass deckID variable to procedure?

Thanks in advance

TTC

Theo's Typesafe Cult•4y ago•

25 replies

Bozic0909

Where to check if user is owner

Hello,

I have and app with three entities User, Deck and Card, and now for any operation on card/deck I need to check if user is owner of that deck

I'm doing it like this:

export const isUserDeckOwner = async (
  deckId: string,
  userId: string,
  prisma: PrismaClient
) => {
  const deck = await prisma.deck.findFirst({
    where: {
      id: deckId,
    },
  });

  if (deck?.userId != userId) {
    throw new TRPCError({
      code: "FORBIDDEN",
      message: "You don't have permission to access this deck",
    });
  }
};

export const isUserDeckOwner = async (
  deckId: string,
  userId: string,
  prisma: PrismaClient
) => {
  const deck = await prisma.deck.findFirst({
    where: {
      id: deckId,
    },
  });

  if (deck?.userId != userId) {
    throw new TRPCError({
      code: "FORBIDDEN",
      message: "You don't have permission to access this deck",
    });
  }
};

But I need to call this in each router method, now I wonder could I create a procedure for this? And if answer is yes how could I pass deckID variable to procedure?

Thanks in advance

Where to check if user is owner

Similar Threads

Where to check if user is owner

Similar Threads

Similar Threads

Similar Threads