fix: added auth check

functions/graphql/form/resolver.ts

@@ -31,7 +31,7 @@ const queries = {
     ctx: ServerContext
   ) => {
     ensureAuthenticated(ctx)
-    return FormService.getFormResponsesByFormId(input.formId)
+    return FormService.getFormResponsesByFormId(input.formId, ctx)
   },
 }
 

functions/graphql/form/types.ts

@@ -98,7 +98,6 @@ export const types = `#graphql
     type FormResponse {
         id: ID!
 
-        form: Form
         formId: String!
 
         name: String!
@@ -110,6 +109,9 @@ export const types = `#graphql
         websiteUrl: String
         company: String
 
+        tags: [String]
+        approved: Boolean
+
         reatedAt: Date
         updatedAt: Date
     }

services/form.ts

@@ -1,5 +1,7 @@
 import prismaClient from '../db'
+import AccessDeniedError from '../errors/AccessDeniedError'
 import { UpdateFormData } from '../functions/graphql/form/interfaces'
+import { ServerContext } from '../functions/graphql/interfaces'
 
 class FormService {
   public static createForm = prismaClient.form.create
@@ -30,9 +32,22 @@ class FormService {
 
   public static createFormResponse = prismaClient.formResponse.create
 
-  public static getFormResponsesByFormId(formId: string) {
+  public static getFormResponsesByFormId(formId: string, ctx: ServerContext) {
+    if (!ctx.user?.id) throw new AccessDeniedError()
+
     return prismaClient.formResponse.findMany({
-      where: { form: { id: formId } },
+      where: {
+        AND: [
+          {
+            form: {
+              id: formId,
+              project: {
+                ProjectAccessMapping: { every: { user: { id: ctx.user.id } } }, // TODO: Need to test more deeply
+              },
+            },
+          },
+        ],
+      },
     })
   }
 }