feat(MED-131): check permissions for 'audit' schema

2025-08-04 16:51:12 +03:00
parent 4b198cd10c
commit ff3335d331
1 changed files with 4 additions and 7 deletions
--- a/lib/services/medusaCart.service.ts
+++ b/lib/services/medusaCart.service.ts
@@ -2,7 +2,7 @@
 import { z } from 'zod';
 import { loadCurrentUserAccount } from '@/app/home/(user)/_lib/server/load-user-account';
-import { getSupabaseServerClient } from '@kit/supabase/server-client';
+import { getSupabaseServerAdminClient } from '@kit/supabase/server-admin-client';
 import { addToCart, deleteLineItem, retrieveCart } from '@lib/data/cart';
 import { StoreCartLineItem, StoreProductVariant } from '@medusajs/types';
 import { MontonioOrderHandlerService } from '@/packages/billing/montonio/src';
@@ -36,7 +36,6 @@ export async function handleAddToCart({
  selectedVariant: StoreProductVariant
  countryCode: string
 }) {
  const supabase = getSupabaseServerClient();
  const user = await requireUserInServerComponent();
  const account = await loadCurrentUserAccount()
  if (!account) {
@@ -50,7 +49,7 @@ export async function handleAddToCart({
    countryCode,
  });
-  const { error } = await supabase
+  const { error } = await getSupabaseServerAdminClient()
    .schema('audit')
    .from('cart_entries')
    .insert({
@@ -68,7 +67,6 @@ export async function handleAddToCart({
 }
 export async function handleNavigateToPayment({ language, paymentSessionId }: { language: string, paymentSessionId: string }) {
  const supabase = getSupabaseServerClient();
  const user = await requireUserInServerComponent();
  const account = await loadCurrentUserAccount()
  if (!account) {
@@ -90,7 +88,7 @@ export async function handleNavigateToPayment({ language, paymentSessionId }: {
    merchantReference: `${account.id}:${paymentSessionId}:${cart.id}`,
  });
-  const { error } = await supabase
+  const { error } = await getSupabaseServerAdminClient()
    .schema('audit')
    .from('cart_entries')
    .insert({
@@ -111,7 +109,6 @@ export async function handleLineItemTimeout({
 }: {
  lineItem: StoreCartLineItem
 }) {
  const supabase = getSupabaseServerClient();
  const user = await requireUserInServerComponent();
  const account = await loadCurrentUserAccount()
  if (!account) {
@@ -120,7 +117,7 @@ export async function handleLineItemTimeout({
  await deleteLineItem(lineItem.id);
-  const { error } = await supabase
+  const { error } = await getSupabaseServerAdminClient()
    .schema('audit')
    .from('cart_entries')
    .insert({