✨ Block access to all polls for banned user (#1606)

apps/web/src/app/[locale]/invite/[urlId]/layout.tsx

@@ -20,7 +20,7 @@ export default async function Layout({
     trpc.polls.comments.list.prefetch({ pollId: params.urlId }),
   ]);
 
-  if (!poll || poll.deleted) {
+  if (!poll || poll.deleted || poll.user?.banned) {
     notFound();
   }
 

apps/web/src/app/[locale]/invite/[urlId]/page.tsx

@@ -56,6 +56,7 @@ export async function generateMetadata({
       user: {
         select: {
           name: true,
+          banned: true,
         },
       },
     },
@@ -63,7 +64,7 @@ export async function generateMetadata({
 
   const { t } = await getTranslation(locale);
 
-  if (!poll || poll.deleted) {
+  if (!poll || poll.deleted || poll.user?.banned) {
     notFound();
   }
 

apps/web/src/trpc/client/types.ts

@@ -1,4 +1,4 @@
-import type { PollStatus, User, VoteType } from "@rallly/database";
+import type { PollStatus, VoteType } from "@rallly/database";
 
 export type GetPollApiResponse = {
   id: string;
@@ -6,7 +6,13 @@ export type GetPollApiResponse = {
   location: string | null;
   description: string | null;
   options: { id: string; startTime: Date; duration: number }[];
-  user: User | null;
+  user: {
+    id: string;
+    name: string;
+    email: string | null;
+    image: string | null;
+    banned: boolean;
+  } | null;
   timeZone: string | null;
   adminUrlId: string;
   status: PollStatus;

apps/web/src/trpc/routers/polls.ts

@@ -446,7 +446,15 @@ export const polls = router({
               startTime: "asc",
             },
           },
-          user: true,
+          user: {
+            select: {
+              id: true,
+              name: true,
+              email: true,
+              image: true,
+              banned: true,
+            },
+          },
           userId: true,
           guestId: true,
           deleted: true,