fix: add companyId filter to metadata update + export CompanySkillUpdateAuth type

- Scope metadata update WHERE clause to companyId for defence-in-depth
- Add CompanySkillUpdateAuth inferred type export to match other schemas

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-09 16:03:33 -04:00
parent e3c172a06f
commit 1956ccd7b5
3 changed files with 3 additions and 1 deletions
+1 -1
@@ -2354,7 +2354,7 @@ export function companySkillService(db: Db) {
await db
.update(companySkills)
.set({ metadata: meta, updatedAt: new Date() })
.where(eq(companySkills.id, skill.id));
.where(and(eq(companySkills.id, skill.id), eq(companySkills.companyId, companyId)));
}
}
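Review bot: With the tightened `.where(and(eq(companySkills.id, skill.id), eq(companySkills.companyId, companyId)))`, a tenant mismatch becomes a silent no-op: the update matches zero rows and the caller still sees success. If the query builder in use supports it, add `.returning({ id: companySkills.id })` and throw or log when the result is empty, so that a cross-company id is surfaced rather than swallowed. The origin of `companyId` is not visible in this hunk; if it is the caller's authorised company rather than a value read from `skill`, a short comment such as `// companyId comes from the authorised request context, not from the loaded row` would make the defence-in-depth intent checkable. The enclosing function starts outside the hunk, so whether `and` is already imported cannot be confirmed from here.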