fix: transactions not working for current user

2025-12-05 20:40:12 -08:00 · 2025-11-14 23:36:03 -08:00
parent 2bf2809269
commit d9df04bac5
1 changed files with 11 additions and 6 deletions
--- a/src/server/routes/api/user/files/transaction.ts
+++ b/src/server/routes/api/user/files/transaction.ts
@@ -24,11 +24,16 @@ type Body = {

 const logger = log('api').c('user').c('files').c('transaction');

-function checkInteraction(current: Role, roles: Role[]) {
+function checkInteraction(
+  current: { id: string; role: Role },
+  roles: { id: string; role: Role }[],
+): number[] {
  const indices: number[] = [];

  for (let i = 0; i !== roles.length; ++i) {
-    if (!canInteract(current, roles[i])) {
+    if (roles[i].id === current.id) continue;
+
+    if (!canInteract(current.role, roles[i].role)) {
      indices.push(i);
    }
  }
@@ -58,8 +63,8 @@ export default fastifyPlugin(
          });

          const invalids = checkInteraction(
-            req.user.role,
-            toFavoriteFiles.map((f) => f.User?.role ?? 'USER'),
+            { id: req.user.id, role: req.user.role },
+            toFavoriteFiles.map((f) => ({ id: f.userId ?? '', role: f.User?.role ?? 'USER' })),
          );
          if (invalids.length > 0)
            return res.forbidden(`You don't have the permission to modify files[${invalids.join(', ')}]`);
@@ -147,8 +152,8 @@ export default fastifyPlugin(
        });

        const invalids = checkInteraction(
-          req.user.role,
-          toDeleteFiles.map((f) => f.User?.role ?? 'USER'),
+          { id: req.user.id, role: req.user.role },
+          toDeleteFiles.map((f) => ({ id: f.userId ?? '', role: f.User?.role ?? 'USER' })),
        );
        if (invalids.length > 0)
          return res.forbidden(`You don't have the permission to delete files[${invalids.join(', ')}]`);