From 41d508477c9b7f89af2cfa1e9b2092273b05b9e2 Mon Sep 17 00:00:00 2001
From: Eliezer Steinbock <3090527+elie222@users.noreply.github.com>
Date: Tue, 6 Jan 2026 01:37:49 +0200
Subject: [PATCH] fix(api): use scalar field for rule ownership check
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Replace relation filter with scalar emailAccountId field in findUnique query for better security and performance.

- More efficient: avoids unnecessary join operation
- More explicit: directly filters on foreign key column
- Correct Prisma usage: findUnique should use scalar fields, not relation filters

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
---
 apps/web/app/api/user/rules/[id]/route.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/web/app/api/user/rules/[id]/route.ts b/apps/web/app/api/user/rules/[id]/route.ts
index 873232aac..6f9ef9de5 100644
--- a/apps/web/app/api/user/rules/[id]/route.ts
+++ b/apps/web/app/api/user/rules/[id]/route.ts
@@ -15,7 +15,7 @@ async function getRule({
   emailAccountId: string;
 }) {
   const rule = await prisma.rule.findUnique({
-    where: { id: ruleId, emailAccount: { id: emailAccountId } },
+    where: { id: ruleId, emailAccountId },
     include: {
       actions: true,
     },