From 617eaacc5fffa83c1fb25bf06b8e825bc5315b3d Mon Sep 17 00:00:00 2001
From: Hammer <hammer7839283@gmail.com>
Date: Wed, 28 Jan 2026 19:38:53 +0000
Subject: [PATCH] feat: shared workspace - remove user scoping from tasks,
 projects, and labels

---
 apps/api/src/routes/labels.ts   | 18 ++++-----------
 apps/api/src/routes/projects.ts | 41 ++++++++-------------------------
 apps/api/src/routes/tasks.ts    | 17 ++++----------
 3 files changed, 18 insertions(+), 58 deletions(-)

diff --git a/apps/api/src/routes/labels.ts b/apps/api/src/routes/labels.ts
index 7804a80..fefe9f2 100644
--- a/apps/api/src/routes/labels.ts
+++ b/apps/api/src/routes/labels.ts
@@ -1,14 +1,13 @@
 import { Elysia, t } from 'elysia';
 import { db } from '../db';
 import { labels, taskLabels } from '../db/schema';
-import { eq, and, asc, sql } from 'drizzle-orm';
+import { eq, asc, sql } from 'drizzle-orm';
 import type { User } from '../lib/auth';
 
 export const labelRoutes = new Elysia({ prefix: '/labels' })
   // List all labels for user
   .get('/', async ({ user }) => {
     const userLabels = await db.query.labels.findMany({
-      where: eq(labels.userId, (user as User).id),
       orderBy: [asc(labels.sortOrder), asc(labels.name)],
     });
     
@@ -33,10 +32,7 @@ export const labelRoutes = new Elysia({ prefix: '/labels' })
   // Get single label with tasks
   .get('/:id', async ({ params, user, set }) => {
     const label = await db.query.labels.findFirst({
-      where: and(
-        eq(labels.id, params.id),
-        eq(labels.userId, (user as User).id)
-      ),
+      where: eq(labels.id, params.id),
     });
     
     if (!label) {
@@ -70,10 +66,7 @@ export const labelRoutes = new Elysia({ prefix: '/labels' })
   // Update label
   .patch('/:id', async ({ params, body, user, set }) => {
     const existing = await db.query.labels.findFirst({
-      where: and(
-        eq(labels.id, params.id),
-        eq(labels.userId, (user as User).id)
-      ),
+      where: eq(labels.id, params.id),
     });
     
     if (!existing) {
@@ -106,10 +99,7 @@ export const labelRoutes = new Elysia({ prefix: '/labels' })
   // Delete label
   .delete('/:id', async ({ params, user, set }) => {
     const existing = await db.query.labels.findFirst({
-      where: and(
-        eq(labels.id, params.id),
-        eq(labels.userId, (user as User).id)
-      ),
+      where: eq(labels.id, params.id),
     });
     
     if (!existing) {
diff --git a/apps/api/src/routes/projects.ts b/apps/api/src/routes/projects.ts
index cf7fa40..370637d 100644
--- a/apps/api/src/routes/projects.ts
+++ b/apps/api/src/routes/projects.ts
@@ -8,10 +8,7 @@ export const projectRoutes = new Elysia({ prefix: '/projects' })
   // List all projects for user
   .get('/', async ({ user }) => {
     const userProjects = await db.query.projects.findMany({
-      where: and(
-        eq(projects.userId, (user as User).id),
-        eq(projects.isArchived, false)
-      ),
+      where: eq(projects.isArchived, false),
       orderBy: [desc(projects.isInbox), asc(projects.sortOrder), asc(projects.createdAt)],
       with: {
         sections: {
@@ -25,10 +22,7 @@ export const projectRoutes = new Elysia({ prefix: '/projects' })
   // Get single project with sections and task counts
   .get('/:projectId', async ({ params, user, set }) => {
     const project = await db.query.projects.findFirst({
-      where: and(
-        eq(projects.id, params.projectId),
-        eq(projects.userId, (user as User).id)
-      ),
+      where: eq(projects.id, params.projectId),
       with: {
         sections: {
           orderBy: [asc(sections.sortOrder)],
@@ -69,10 +63,7 @@ export const projectRoutes = new Elysia({ prefix: '/projects' })
   // Update project
   .patch('/:projectId', async ({ params, body, user, set }) => {
     const existing = await db.query.projects.findFirst({
-      where: and(
-        eq(projects.id, params.projectId),
-        eq(projects.userId, (user as User).id)
-      ),
+      where: eq(projects.id, params.projectId),
     });
     
     if (!existing) {
@@ -113,10 +104,7 @@ export const projectRoutes = new Elysia({ prefix: '/projects' })
   // Delete project
   .delete('/:projectId', async ({ params, user, set }) => {
     const existing = await db.query.projects.findFirst({
-      where: and(
-        eq(projects.id, params.projectId),
-        eq(projects.userId, (user as User).id)
-      ),
+      where: eq(projects.id, params.projectId),
     });
     
     if (!existing) {
@@ -142,12 +130,9 @@ export const projectRoutes = new Elysia({ prefix: '/projects' })
 
   // Create section in project
   .post('/:projectId/sections', async ({ params, body, user, set }) => {
-    // Verify project ownership
+    // Verify project exists
     const project = await db.query.projects.findFirst({
-      where: and(
-        eq(projects.id, params.projectId),
-        eq(projects.userId, (user as User).id)
-      ),
+      where: eq(projects.id, params.projectId),
     });
     
     if (!project) {
@@ -174,12 +159,9 @@ export const projectRoutes = new Elysia({ prefix: '/projects' })
 
   // Update section
   .patch('/:projectId/sections/:sectionId', async ({ params, body, user, set }) => {
-    // Verify project ownership
+    // Verify project exists
     const project = await db.query.projects.findFirst({
-      where: and(
-        eq(projects.id, params.projectId),
-        eq(projects.userId, (user as User).id)
-      ),
+      where: eq(projects.id, params.projectId),
     });
     
     if (!project) {
@@ -219,12 +201,9 @@ export const projectRoutes = new Elysia({ prefix: '/projects' })
 
   // Delete section
   .delete('/:projectId/sections/:sectionId', async ({ params, user, set }) => {
-    // Verify project ownership
+    // Verify project exists
     const project = await db.query.projects.findFirst({
-      where: and(
-        eq(projects.id, params.projectId),
-        eq(projects.userId, (user as User).id)
-      ),
+      where: eq(projects.id, params.projectId),
     });
     
     if (!project) {
diff --git a/apps/api/src/routes/tasks.ts b/apps/api/src/routes/tasks.ts
index 625ce75..26ec1c7 100644
--- a/apps/api/src/routes/tasks.ts
+++ b/apps/api/src/routes/tasks.ts
@@ -49,7 +49,7 @@ export const taskRoutes = new Elysia({ prefix: '/tasks' })
   // List tasks with filters
   .get('/', async ({ user, query }) => {
     const userId = (user as User).id;
-    const conditions = [eq(tasks.userId, userId)];
+    const conditions: ReturnType<typeof eq>[] = [];
     
     // Filter by project
     if (query.projectId) {
@@ -169,10 +169,7 @@ export const taskRoutes = new Elysia({ prefix: '/tasks' })
   // Get single task with full details
   .get('/:id', async ({ params, user, set }) => {
     const task = await db.query.tasks.findFirst({
-      where: and(
-        eq(tasks.id, params.id),
-        eq(tasks.userId, (user as User).id)
-      ),
+      where: eq(tasks.id, params.id),
       with: {
         project: true,
         section: true,
@@ -326,10 +323,7 @@ export const taskRoutes = new Elysia({ prefix: '/tasks' })
     const userId = (user as User).id;
     
     const existing = await db.query.tasks.findFirst({
-      where: and(
-        eq(tasks.id, params.id),
-        eq(tasks.userId, userId)
-      ),
+      where: eq(tasks.id, params.id),
     });
     
     if (!existing) {
@@ -461,10 +455,7 @@ export const taskRoutes = new Elysia({ prefix: '/tasks' })
   // Delete task
   .delete('/:id', async ({ params, user, set }) => {
     const existing = await db.query.tasks.findFirst({
-      where: and(
-        eq(tasks.id, params.id),
-        eq(tasks.userId, (user as User).id)
-      ),
+      where: eq(tasks.id, params.id),
     });
     
     if (!existing) {