Closed mshumayl closed 1 year ago
When querying for a user's saved features, the tRPC endpoint will make a call based on the user passed to the client.
In the tRPC logic, implement a check that the current user is the same as the queried user. If it passes, then make the query. If it does not pass, raise an error.
Better yet, do not get any query parameters from the client. Just get the current logged in user at server-side and make the call using this value.