From c43b6c62035f32ca455f66d5fd22ba661648cde7 Mon Sep 17 00:00:00 2001
From: Hugues Chocart <chocart.hugues@icloud.com>
Date: Sat, 25 May 2024 16:44:59 -0300
Subject: [PATCH] fix: project accesss (#343)

---
 packages/backend/src/utils/authorization.ts | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/packages/backend/src/utils/authorization.ts b/packages/backend/src/utils/authorization.ts
index 43de2465..8974cc80 100644
--- a/packages/backend/src/utils/authorization.ts
+++ b/packages/backend/src/utils/authorization.ts
@@ -3,16 +3,14 @@ import sql from "./db"
 import Context from "./koa"
 import { Action, ResourceName, hasAccess } from "shared"
 
-// TODO: Needs to use account_project instead
 export async function checkProjectAccess(projectId: string, userId: string) {
   const [{ exists: hasAccess }] = await sql`
       select exists (
         select 1 
-        from project 
-        where org_id = (select org_id from account where id = ${userId}) 
-          and id = ${projectId}
+        from account_project ap
+        where ap.project_id = ${projectId} and ap.account_id = ${userId}
       )
-    `
+  `
   return hasAccess
 }