diff --git a/packages/api/src/resolvers/article/index.ts b/packages/api/src/resolvers/article/index.ts index aa57c1543..1c191d0ec 100644 --- a/packages/api/src/resolvers/article/index.ts +++ b/packages/api/src/resolvers/article/index.ts @@ -707,9 +707,9 @@ export const typeaheadSearchResolver = authorized< TypeaheadSearchSuccess, TypeaheadSearchError, QueryTypeaheadSearchArgs ->(async (_obj, { query, first }, { log }) => { +>(async (_obj, { query, first }, { log, uid }) => { try { - const items = await findLibraryItemsByPrefix(query, first || undefined) + const items = await findLibraryItemsByPrefix(query, uid, first || undefined) return { items: items.map((item) => ({ diff --git a/packages/api/src/routers/svc/content.ts b/packages/api/src/routers/svc/content.ts index aed246711..ce184ea5b 100644 --- a/packages/api/src/routers/svc/content.ts +++ b/packages/api/src/routers/svc/content.ts @@ -71,7 +71,8 @@ export function contentServiceRouter() { .withRepository(libraryItemRepository) .createQueryBuilder('item') .innerJoinAndSelect('item.uploadFile', 'file') - .where('file.id = :fileId', { fileId }) + .where('item.user = :userId', { userId: uploadFile.user.id }) + .andWhere('file.id = :fileId', { fileId }) .getOne(), undefined, uploadFile.user.id diff --git a/packages/api/src/services/library_item.ts b/packages/api/src/services/library_item.ts index 0fcf6940e..49a363acf 100644 --- a/packages/api/src/services/library_item.ts +++ b/packages/api/src/services/library_item.ts @@ -379,7 +379,8 @@ export const findLibraryItemByUrl = async ( .leftJoinAndSelect('recommendations.recommender', 'recommender') .leftJoinAndSelect('recommender.profile', 'profile') .leftJoinAndSelect('recommendations.group', 'group') - .where('library_item.original_url = :url', { url }) + .where('library_item.user_id = :userId', { userId }) + .andWhere('library_item.original_url = :url', { url }) .getOne(), undefined, userId @@ -485,6 +486,7 @@ export const createLibraryItem = async ( export const findLibraryItemsByPrefix = async ( prefix: string, + userId: string, limit = 5 ): Promise => { const prefixWildcard = `${prefix}%` @@ -492,10 +494,11 @@ export const findLibraryItemsByPrefix = async ( return authTrx(async (tx) => tx .createQueryBuilder(LibraryItem, 'library_item') - .where('library_item.title ILIKE :prefix', { prefix: prefixWildcard }) - .orWhere('library_item.site_name ILIKE :prefix', { - prefix: prefixWildcard, - }) + .where('library_item.user_id = :userId', { userId }) + .andWhere( + '(library_item.title ILIKE :prefix OR library_item.site_name ILIKE :prefix)', + { prefix: prefixWildcard } + ) .orderBy('library_item.savedAt', 'DESC') .limit(limit) .getMany() @@ -511,7 +514,8 @@ export const countByCreatedAt = async ( async (tx) => tx .createQueryBuilder(LibraryItem, 'library_item') - .where('library_item.created_at between :startDate and :endDate', { + .where('library_item.user_id = :userId', { userId }) + .andWhere('library_item.created_at between :startDate and :endDate', { startDate, endDate, }) @@ -608,10 +612,12 @@ export const deleteLibraryItems = async ( ) } -export const deleteLibraryItemByUrl = async (url: string, userId?: string) => { +export const deleteLibraryItemByUrl = async (url: string, userId: string) => { return authTrx( async (tx) => - tx.withRepository(libraryItemRepository).delete({ originalUrl: url }), + tx + .withRepository(libraryItemRepository) + .delete({ originalUrl: url, user: { id: userId } }), undefined, userId )