From 1956ccd7b5b7eb149de26f67d1db701b90d7f4ab Mon Sep 17 00:00:00 2001
From: Chris Farhood
Date: Thu, 9 Apr 2026 16:03:33 -0400
Subject: [PATCH] fix: add companyId filter to metadata update + export CompanySkillUpdateAuth type

- Scope metadata update WHERE clause to companyId for defence-in-depth
- Add CompanySkillUpdateAuth inferred type export to match other schemas

Co-Authored-By: Claude Opus 4.6
---
 packages/shared/src/validators/company-skill.ts | 1 +
 packages/shared/src/validators/index.ts | 1 +
 server/src/services/company-skills.ts | 2 +-
 3 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/packages/shared/src/validators/company-skill.ts b/packages/shared/src/validators/company-skill.ts
index 26dcea66..58b9165d 100644
--- a/packages/shared/src/validators/company-skill.ts
+++ b/packages/shared/src/validators/company-skill.ts
@@ -138,3 +138,4 @@ export type CompanySkillImport = z.infer;
 export type CompanySkillProjectScan = z.infer;
 export type CompanySkillCreate = z.infer;
 export type CompanySkillFileUpdate = z.infer;
+export type CompanySkillUpdateAuth = z.infer;
diff --git a/packages/shared/src/validators/index.ts b/packages/shared/src/validators/index.ts
index 2019f35c..d1bc3929 100644
--- a/packages/shared/src/validators/index.ts
+++ b/packages/shared/src/validators/index.ts
@@ -56,6 +56,7 @@ export {
 type CompanySkillProjectScan,
 type CompanySkillCreate,
 type CompanySkillFileUpdate,
+ type CompanySkillUpdateAuth,
 } from "./company-skill.js";
 export {
 agentSkillStateSchema,
diff --git a/server/src/services/company-skills.ts b/server/src/services/company-skills.ts
index 587adc68..6549fda8 100644
--- a/server/src/services/company-skills.ts
+++ b/server/src/services/company-skills.ts
@@ -2354,7 +2354,7 @@ export function companySkillService(db: Db) {
 await db
 .update(companySkills)
 .set({ metadata: meta, updatedAt: new Date() })
- .where(eq(companySkills.id, skill.id));
+ .where(and(eq(companySkills.id, skill.id), eq(companySkills.companyId, companyId)));
 }
 }
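Review bot: With the added `eq(companySkills.companyId, companyId)` predicate, a skill row that belongs to another company now produces a zero-row update that the code neither detects nor reports, so a cross-tenant mismatch (which would point to an unscoped lookup upstream) passes silently. Consider making the outcome observable, for example by appending `.returning({ id: companySkills.id })` and logging or throwing when the result is empty, assuming the database dialect in use supports `returning`. The enclosing function starts outside this hunk, so it is not visible how `skill` was loaded; if that read is not itself filtered by `companyId`, it is the primary control and should be scoped the same way. A short comment above the `.where`, such as `// companyId predicate is defence-in-depth; skill is expected to be company-scoped already`, would record the intent for the next maintainer.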