From 6324cc9aa6f8a7d716c8db092cc51952a4fcfab4 Mon Sep 17 00:00:00 2001 From: cfngc4594 Date: Fri, 29 May 2026 10:28:56 +0800 Subject: [PATCH] fix(submission): restrict submission access to current user --- src/app/actions/analyze.ts | 9 ++++-- .../problems/detail/components/table.tsx | 30 ++++++++++++------- .../submission/components/content.tsx | 2 +- .../problems/submission/components/table.tsx | 8 +++-- 4 files changed, 33 insertions(+), 16 deletions(-) diff --git a/src/app/actions/analyze.ts b/src/app/actions/analyze.ts index b39356e..f226353 100644 --- a/src/app/actions/analyze.ts +++ b/src/app/actions/analyze.ts @@ -75,8 +75,13 @@ export const getAnalysis = async ( ); } - const analysis = await prisma.codeAnalysis.findUnique({ - where: { submissionId: submissionId }, + const analysis = await prisma.codeAnalysis.findFirst({ + where: { + submissionId, + submission: { + userId: session.user.id, + }, + }, }); if (!analysis) { diff --git a/src/features/problems/detail/components/table.tsx b/src/features/problems/detail/components/table.tsx index ef4ded6..cfc87b2 100644 --- a/src/features/problems/detail/components/table.tsx +++ b/src/features/problems/detail/components/table.tsx @@ -1,4 +1,5 @@ import { cn } from "@/lib/utils"; +import { auth } from "@/lib/auth"; import prisma from "@/lib/prisma"; import { Locale } from "@/generated/client"; import { Label } from "@/components/ui/label"; @@ -22,17 +23,17 @@ export const DetailTable = async ({ submissionId }: DetailTableProps) => { const t = await getTranslations("DetailsPage"); const s = await getTranslations("StatusMessage"); const locale = (await getLocale()) as Locale; - const submission = await prisma.submission.findUnique({ - where: { - id: submissionId, - }, - }); - const judge = await prisma.judge.findUnique({ - where: { submissionId }, - select: { - compileOutput: true, - }, - }); + const session = await auth(); + const userId = session?.user?.id; + + const submission = userId + ? await prisma.submission.findFirst({ + where: { + id: submissionId, + userId, + }, + }) + : null; if (!submission) return ( @@ -41,6 +42,13 @@ export const DetailTable = async ({ submissionId }: DetailTableProps) => { ); + const judge = await prisma.judge.findUnique({ + where: { submissionId }, + select: { + compileOutput: true, + }, + }); + const createdAt = new Date(submission.createdAt); const submittedDisplay = formatSubmissionDate(createdAt, locale); diff --git a/src/features/problems/submission/components/content.tsx b/src/features/problems/submission/components/content.tsx index 28bb51c..5d2791f 100644 --- a/src/features/problems/submission/components/content.tsx +++ b/src/features/problems/submission/components/content.tsx @@ -46,7 +46,7 @@ export const SubmissionContent = async ({ return userId ? (
- +
) : ( diff --git a/src/features/problems/submission/components/table.tsx b/src/features/problems/submission/components/table.tsx index 6169430..e738d6a 100644 --- a/src/features/problems/submission/components/table.tsx +++ b/src/features/problems/submission/components/table.tsx @@ -11,13 +11,17 @@ import { SubmissionTableRow } from "@/features/problems/submission/components/ro interface SubmissionTableProps { problemId: string; + userId: string; } -export const SubmissionTable = async ({ problemId }: SubmissionTableProps) => { +export const SubmissionTable = async ({ + problemId, + userId, +}: SubmissionTableProps) => { const t = await getTranslations("SubmissionsTable"); const submissions = await prisma.submission.findMany({ - where: { problemId }, + where: { problemId, userId }, orderBy: { createdAt: "desc" }, });