From 578cff250740bf5cacca422a3a1bc8c95415364d Mon Sep 17 00:00:00 2001
From: Sosokker
Date: Thu, 7 Nov 2024 15:51:04 +0700
Subject: [PATCH] feat: can only access own's project edit page
---
 src/app/project/[projectId]/edit/page.tsx | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/src/app/project/[projectId]/edit/page.tsx b/src/app/project/[projectId]/edit/page.tsx
index ed0905d..ebb037b 100644
--- a/src/app/project/[projectId]/edit/page.tsx
+++ b/src/app/project/[projectId]/edit/page.tsx
@@ -4,11 +4,26 @@ import { Separator } from "@/components/ui/separator";
 import { getProjectDataQuery } from "@/lib/data/projectQuery";
 import { createSupabaseClient } from "@/lib/supabase/serverComponentClient";
 import { ProjectEditSchema } from "@/types/schemas/project.schema";
+import { redirect } from "next/navigation";
 export default async function EditProjectPage({ params }: { params: { projectId: string } }) {
 const client = createSupabaseClient();
 const projectId = Number(params.projectId);
+ // Check permission
+ const { data: user, error: userError } = await client.auth.getUser();
+ const uuid = user.user?.id;
+ const { data, error } = await client.from("project").select("...business(user_id)").eq("id", projectId).single();
+ console.log(uuid);
+ console.log(data);
+ if (userError || error) {
+ redirect("/");
+ }
+
+ if (data.user_id != uuid || data == null) {
+ redirect("/");
+ }
+
 const { data: projectData, error: projectDataError } = await getProjectDataQuery(client, projectId);
 if (projectDataError) {
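Review bot: The ownership check reads `data.user_id` before it tests `data == null`, and it compares with loose `!=`, so an undefined `uuid` and a null `user_id` compare as equal and the guard passes instead of failing closed. Collapse both guards into `if (userError || error || !uuid || !data || data.user_id !== uuid) redirect("/");`, placed right after the two queries. The two `console.log` calls write the user id and the ownership row to the server log on every request and should be dropped before merge. This guard only protects rendering of the edit page; the write path is not visible in this hunk, so confirm the update itself is restricted to the owner, for example by a row-level security policy on `project`. The body of `EditProjectPage` continues past the end of the hunk.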