-
Notifications
You must be signed in to change notification settings - Fork 70
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix feature invite member #49
base: dev
Are you sure you want to change the base?
Conversation
@@ -29,6 +30,10 @@ const resolvers = { | |||
isAuthenticated, | |||
(_, { token }, { user }) => acceptInvitation(token, user), | |||
), | |||
cancelInvitation: combineResolvers( | |||
isAuthenticated, | |||
(_, { userId, teamId }) => cancelInvitation(userId, teamId), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Chỗ này phải dùng user đang đăng nhập chứ không gửi userId, dùng userId sẽ dẫn tới XSS. Một user đăng nhập khác có thể cancel invitation của bất kỳ user nào trong hệ thống.
@@ -32,6 +33,7 @@ function InviteMember({ teamMembers, alias }) { | |||
}); | |||
const dispatch = useDispatch() | |||
const [InviteMemberMutation, { loading, error }] = useMutation(InviteMemberQuery); | |||
const [CancelInvitationMutation] = useMutation(CancelInvitationQuery); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
mấy cái mutation nên viết thường chữ đầu tiên.
<button type="button" className="mr-4 hover:underline hover:text-blue-800 cursor-pointer text-blue-500">Cancle</button> | ||
<button | ||
type="button" | ||
onClick={() => handleAction({ type: 'cancel', member: it })} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
tạo function cho cái onClick
user_id: userId, | ||
}, { status: 'inactive' }, transaction)); | ||
|
||
queries.push(updateTeamInvitation({ email: user.email }, { status: 'inactive' }, transaction)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
chỗ này phải update là decline?
export async function cancelInvitation(userId, teamId) { | ||
let transaction; | ||
try { | ||
transaction = await database.transaction(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Cần kiểm tra là invitation có đang active hay không?
When are you planing to update this? I can see other issues also which are there. Any plan to release them? I am thinking to use this as base for my project but it seems to be not updated recently. |
No description provided.