fix(kits): fix vulnerabilities in kit update

app/modules/kit/service.server.ts

@@ -124,10 +124,11 @@ export async function updateKit({
   imageExpiration,
   status,
   createdById,
+  organizationId,
 }: UpdateKitPayload) {
   try {
     return await db.kit.update({
-      where: { id },
+      where: { id, organizationId },
       data: {
         name,
         description,
@@ -147,10 +148,12 @@ export async function updateKitImage({
   request,
   kitId,
   userId,
+  organizationId,
 }: {
   request: Request;
   kitId: string;
   userId: string;
+  organizationId: Kit["organizationId"];
 }) {
   try {
     const fileData = await parseFileFormData({
@@ -176,6 +179,7 @@ export async function updateKitImage({
       image: signedUrl,
       imageExpiration: oneDayFromNow(),
       createdById: userId,
+      organizationId,
     });
   } catch (cause) {
     throw new ShelfError({

app/modules/kit/types.ts

@@ -9,6 +9,7 @@ export type UpdateKitPayload = Partial<
     | "image"
     | "imageExpiration"
     | "createdById"
+    | "organizationId"
   >
 > & {
   id: Kit["id"];

app/routes/_layout+/kits.$kitId_.edit.tsx

@@ -113,11 +113,13 @@ export async function action({ context, request, params }: ActionFunctionArgs) {
         createdById: userId,
         name: payload.name,
         description: payload.description,
+        organizationId,
       }),
       updateKitImage({
         request,
         kitId,
         userId,
+        organizationId,
       }),
     ]);
 

app/routes/_layout+/kits.new.tsx

@@ -86,6 +86,7 @@ export async function action({ context, request }: LoaderFunctionArgs) {
       request,
       kitId: kit.id,
       userId,
+      organizationId,
     });
 
     sendNotification({