From 476d13d33c94210645d0948d2744e2d72c4f0d3d Mon Sep 17 00:00:00 2001
From: Piyush Garg
Date: Sun, 8 Oct 2023 19:38:45 +0530
Subject: [PATCH] fix: added auth check

---
 functions/graphql/form/resolver.ts | 2 +-
 functions/graphql/form/types.ts | 4 +++-
 services/form.ts | 19 +++++++++++++++++--
 3 files changed, 21 insertions(+), 4 deletions(-)

diff --git a/functions/graphql/form/resolver.ts b/functions/graphql/form/resolver.ts
index d4bffa7..67d3352 100644
--- a/functions/graphql/form/resolver.ts
+++ b/functions/graphql/form/resolver.ts
@@ -31,7 +31,7 @@ const queries = {
 ctx: ServerContext
 ) => {
 ensureAuthenticated(ctx)
- return FormService.getFormResponsesByFormId(input.formId)
+ return FormService.getFormResponsesByFormId(input.formId, ctx)
 },
 }
diff --git a/functions/graphql/form/types.ts b/functions/graphql/form/types.ts
index 42b8a89..384e208 100644
--- a/functions/graphql/form/types.ts
+++ b/functions/graphql/form/types.ts
@@ -98,7 +98,6 @@ export const types = `#graphql
 type FormResponse {
 id: ID!
- form: Form
 formId: String!
 name: String!
@@ -110,6 +109,9 @@ export const types = `#graphql
 websiteUrl: String
 company: String
+ tags: [String]
+ approved: Boolean
+ reatedAt: Date
 updatedAt: Date
 }
diff --git a/services/form.ts b/services/form.ts
index 01e4417..8120c61 100644
--- a/services/form.ts
+++ b/services/form.ts
@@ -1,5 +1,7 @@
 import prismaClient from '../db'
+import AccessDeniedError from '../errors/AccessDeniedError'
 import { UpdateFormData } from '../functions/graphql/form/interfaces'
+import { ServerContext } from '../functions/graphql/interfaces'
 class FormService {
 public static createForm = prismaClient.form.create
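Review bot: The added schema field `reatedAt: Date` in the second types.ts hunk looks like a typo for `createdAt`; GraphQL will expose a field named `reatedAt` that presumably has no matching property on the resolved object, so it would always resolve to null while the intended `createdAt` is not selectable at all. The first types.ts hunk also drops `form: Form` from `FormResponse`, which breaks any client query selecting that field, and the commit message (`fix: added auth check`) does not mention it; worth a sentence in the description or a separate commit.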
@@ -30,9 +32,22 @@ class FormService {
 public static createFormResponse = prismaClient.formResponse.create
- public static getFormResponsesByFormId(formId: string) {
+ public static getFormResponsesByFormId(formId: string, ctx: ServerContext) {
+ if (!ctx.user?.id) throw new AccessDeniedError()
+
 return prismaClient.formResponse.findMany({
- where: { form: { id: formId } },
+ where: {
+ AND: [
+ {
+ form: {
+ id: formId,
+ project: {
+ ProjectAccessMapping: { every: { user: { id: ctx.user.id } } }, // TODO: Need to test more deeply
+ },
+ },
+ },
+ ],
+ },
 })
 }
 }
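Review bot: The access filter on the `ProjectAccessMapping` line uses `every`, which for a Prisma relation list is vacuously satisfied when the project has no access mappings at all, so such a project's responses would be returned to any authenticated caller, and for a project shared with several users `every` requires all mappings to belong to the caller, so no member would see anything. A membership check wants `some`, i.e. `ProjectAccessMapping: { some: { user: { id: ctx.user.id } } },`; the single-element `AND: [ … ]` wrapper around it is redundant and can be dropped. Note that this filter-based check makes a caller without access receive `[]` rather than the `AccessDeniedError` thrown for a missing user; if the resolver should distinguish the two, check the form's project membership first and throw. The `// TODO: Need to test more deeply` comment would be best replaced by tests covering a project with no mappings and one with multiple members.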