fix: enforce team scoping for campaign, contacts, and invites (#356)

* fix: enforce team-scoped lookups for campaign contacts and invites

* fix(test): mock domain service in campaign security test
KM Koushik
2026-02-23 11:30:05 +11:00
committed by GitHub
parent f7a0d11758
commit 61dfcee67d
8 changed files with 319 additions and 15 deletions
+2 -2
@@ -128,7 +128,7 @@ export const campaignRouter = createTRPCRouter({
const { html: htmlInput, campaignId, ...data } = input;
if (data.contactBookId) {
const contactBook = await db.contactBook.findUnique({
where: { id: data.contactBookId },
where: { id: data.contactBookId, teamId: team.id },
});
if (!contactBook) {
@@ -191,7 +191,7 @@ export const campaignRouter = createTRPCRouter({
if (campaign?.contactBookId) {
const contactBook = await db.contactBook.findUnique({
where: { id: campaign.contactBookId },
where: { id: campaign.contactBookId, teamId: team.id },
});
return { ...campaign, contactBook, imageUploadSupported };
}
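Review bot: In the second hunk the team-scoped lookup can now come back null for a campaign that still has a `contactBookId`, and `return { ...campaign, contactBook, imageUploadSupported }` passes that null through with no signal. A campaign that was linked to another team's contact book before this fix would then look the same as one whose book was deleted, so the rows that matter for an incident review stay invisible; consider logging a warning with the campaign id and team id when the lookup misses, and auditing existing data for such cross-team links. A short comment above both queries would also record the intent, e.g. `// teamId in the filter: a contact book owned by another team resolves to null, exactly like an unknown id`. The enclosing procedures start and end outside these hunks, so whether the campaign itself is fetched with a team filter cannot be confirmed from here.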