From f7e5e823d5dee36ea11f243a0da7d84a1f363419 Mon Sep 17 00:00:00 2001
From: Meier Lukas <meierschlumpf@gmail.com>
Date: Sat, 24 May 2025 17:49:08 +0200
Subject: [PATCH] fix(visual): check for creator board permission is wrong
 (#3212)

---
 packages/auth/permissions/board-permissions.ts |  7 ++++---
 .../permissions/test/board-permissions.spec.ts | 18 ++++++++++++++++++
 2 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/packages/auth/permissions/board-permissions.ts b/packages/auth/permissions/board-permissions.ts
index 6d5591cf2..8dd0bab2c 100644
--- a/packages/auth/permissions/board-permissions.ts
+++ b/packages/auth/permissions/board-permissions.ts
@@ -23,21 +23,22 @@ export type BoardPermissionsProps = (
 
 export const constructBoardPermissions = (board: BoardPermissionsProps, session: Session | null) => {
   const creatorId = "creator" in board ? board.creator?.id : board.creatorId;
+  const isCreator = session !== null && session.user.id === creatorId;
 
   return {
     hasFullAccess:
-      session?.user.id === creatorId ||
+      isCreator ||
       board.userPermissions.some(({ permission }) => permission === "full") ||
       board.groupPermissions.some(({ permission }) => permission === "full") ||
       (session?.user.permissions.includes("board-full-all") ?? false),
     hasChangeAccess:
-      session?.user.id === creatorId ||
+      isCreator ||
       board.userPermissions.some(({ permission }) => permission === "modify" || permission === "full") ||
       board.groupPermissions.some(({ permission }) => permission === "modify" || permission === "full") ||
       (session?.user.permissions.includes("board-modify-all") ?? false) ||
       (session?.user.permissions.includes("board-full-all") ?? false),
     hasViewAccess:
-      session?.user.id === creatorId ||
+      isCreator ||
       board.userPermissions.length >= 1 ||
       board.groupPermissions.length >= 1 ||
       board.isPublic ||
diff --git a/packages/auth/permissions/test/board-permissions.spec.ts b/packages/auth/permissions/test/board-permissions.spec.ts
index f897491ae..ee7752c20 100644
--- a/packages/auth/permissions/test/board-permissions.spec.ts
+++ b/packages/auth/permissions/test/board-permissions.spec.ts
@@ -286,4 +286,22 @@ describe("constructBoardPermissions", () => {
     expect(result.hasChangeAccess).toBe(false);
     expect(result.hasViewAccess).toBe(true);
   });
+  test("should return all false when creator is null and session is null", () => {
+    // Arrange
+    const board = {
+      creator: null,
+      userPermissions: [],
+      groupPermissions: [],
+      isPublic: false,
+    };
+    const session = null;
+
+    // Act
+    const result = constructBoardPermissions(board, session);
+
+    // Assert
+    expect(result.hasFullAccess).toBe(false);
+    expect(result.hasChangeAccess).toBe(false);
+    expect(result.hasViewAccess).toBe(false);
+  });
 });