Merge pull request #15 from jl4guna/dev

Fix Personal transactions visible to anyone
jl4guna · Mar 1, 2024 · 5c9aa00 · 5c9aa00
2 parents ac6a82b + b70ef92
commit 5c9aa00
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 1 deletion.
diff --git a/app/models/dashboard/Transaction.server.ts b/app/models/dashboard/Transaction.server.ts
@@ -18,6 +18,7 @@ export function getTransactionListItems(
   startDate?: Date,
   endDate?: Date,
   personal?: boolean,
+  userId?: string,
 ) {
   const whereFilter = filter ? { category: { name: filter } } : {};
 
@@ -39,13 +40,19 @@ export function getTransactionListItems(
     whereSearch = { amount: { equals: amount } };
   }
 
+  const wherePersonal = personal
+    ? { personal: true, userId }
+    : { personal: false };
+
+  console.log("wherePersonal", wherePersonal);
   return prisma.transaction.findMany({
     orderBy: {
       date: "desc",
     },
     where: {
       AND: [
-        { personal: personal, installments: 1 },
+        { installments: 1 },
+        wherePersonal,
         whereFilter,
         whereSearch,
         startDate && endDate ? { date: { gte: startDate, lte: endDate } } : {},

diff --git a/app/routes/dashboard.Transaction._index.tsx b/app/routes/dashboard.Transaction._index.tsx
@@ -42,6 +42,7 @@ export async function action({ request }: ActionFunctionArgs) {
 }
 
 export async function loader({ request }: LoaderFunctionArgs) {
+  const userId = await requireUserId(request);
   const searchParams = new URL(request.url).searchParams as any;
   const { filter, search, start, end, personal } = Object.fromEntries(
     searchParams.entries(),
@@ -62,6 +63,7 @@ export async function loader({ request }: LoaderFunctionArgs) {
     startDate,
     endDate,
     isPersonal,
+    userId,
   );
   const categories = await getCategoryListItems();