Ensure non multi-user flow stays

2026-02-06 23:05:23 -08:00
parent 7aa33a1bdf
commit f214e4f7b7
12 changed files with 80 additions and 70 deletions
@@ -211,17 +211,15 @@ export const registerDashboardRoutes = (
    if (!req.user) return res.status(401).json({ error: "Unauthorized" });

    const { id } = req.params;
-    const drawing = await prisma.drawing.findUnique({ where: { id } });
+    const drawing = await prisma.drawing.findFirst({
+      where: {
+        id,
+        userId: req.user.id,
+      },
+    });
    if (!drawing) {
      return res.status(404).json({ error: "Drawing not found", message: "Drawing does not exist" });
    }
-    if (drawing.userId !== req.user.id) {
-      return res.status(403).json({
-        error: "Forbidden",
-        code: "DRAWING_ACCESS_DENIED",
-        message: "You do not have access to this drawing",
-      });
-    }

    return res.json({
      ...drawing,