pacnpal/thrilltrack-explorer
1
0
Fork 0
mirror of https://github.com/pacnpal/thrilltrack-explorer.git synced 2025-12-25 09:31:12 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
5794b5bf3d214a46d7669fc93ac5a8d3692a7e5e
thrilltrack-explorer/src/hooks/useProfileFieldAccess.ts
gpt-engineer-app[bot] 93075ba6ca Refine profile privacy controls
2025-09-29 02:46:03 +00:00

94 lines
2.2 KiB
TypeScript
Raw Blame History

import { useState, useEffect } from 'react';
import { supabase } from '@/integrations/supabase/client';
import { useAuth } from '@/hooks/useAuth';
interface ProfileFieldAccess {
[fieldName: string]: boolean;
}
export function useProfileFieldAccess(profileUserId: string | null | undefined) {
const { user } = useAuth();
const [fieldAccess, setFieldAccess] = useState<ProfileFieldAccess>({});
const [loading, setLoading] = useState(true);
useEffect(() => {
if (!profileUserId) {
setLoading(false);
return;
}
checkFieldAccess();
}, [profileUserId, user?.id]);
const checkFieldAccess = async () => {
if (!profileUserId || !user?.id) {
setLoading(false);
return;
}
try {
setLoading(true);
// Fields that might need privacy checking
const fieldsToCheck = [
'date_of_birth',
'personal_location',
'location_id',
'preferred_pronouns',
'home_park_id',
'bio',
'avatar_url',
'avatar_image_id'
];
const accessChecks: ProfileFieldAccess = {};
// Check each field individually using our security definer function
for (const field of fieldsToCheck) {
const { data, error } = await supabase.rpc('can_view_profile_field', {
_viewer_id: user.id,
_profile_user_id: profileUserId,
_field_name: field
});
if (error) {
console.error(`Error checking access for field ${field}:`, error);
accessChecks[field] = false;
} else {
accessChecks[field] = data === true;
}
}
setFieldAccess(accessChecks);
} catch (error) {
console.error('Error checking field access:', error);
// Default to denying access on error
setFieldAccess({});
} finally {
setLoading(false);
}
};
const canViewField = (fieldName: string): boolean => {
if (!profileUserId || !user?.id) {
return false;
}
// Users can always see their own fields
if (user.id === profileUserId) {
return true;
}
return fieldAccess[fieldName] || false;
};
const refresh = () => {
checkFieldAccess();
};
return {
canViewField,
loading,
refresh
};
}
Reference in New Issue View Git Blame Copy Permalink