feat:updates

Author: shnai0

app/api/views-dataroom/route.ts

@@ -729,23 +729,23 @@ export async function POST(request: NextRequest) {
                       : undefined;
 
                   // Get team members for CC
-                  const adminUser = link.team.users.find(
+                  const adminUser = link.team?.users.find(
                     (u) => u.role === "ADMIN",
                   );
                   const adminEmail = adminUser?.user.email || null;
-                  const teamMembers = link.team.users
+                  const teamMembers = link.team?.users
                     .map((u) => u.user.email)
                     .filter(
                       (email): email is string =>
                         !!email && email !== adminEmail,
-                    );
+                    ) || [];
 
                   // Send NDA completion email
                   await sendSignedNDAEmail({
                     ownerEmail: adminEmail,
                     viewId: newDataroomView.id,
                     dataroomId: dataroomId,
-                    agreementName: link.agreement.name,
+                    agreementName: link.agreement?.name || "NDA",
                     linkName: link.name || `Link #${linkId.slice(-5)}`,
                     viewerEmail: email ?? null,
                     viewerName: name ?? null,
@@ -917,23 +917,23 @@ export async function POST(request: NextRequest) {
                     : undefined;
 
                 // Get team members for CC
-                const adminUser = link.team.users.find(
+                const adminUser = link.team?.users.find(
                   (u) => u.role === "ADMIN",
                 );
                 const adminEmail = adminUser?.user.email || null;
-                const teamMembers = link.team.users
+                const teamMembers = link.team?.users
                   .map((u) => u.user.email)
                   .filter(
                     (email): email is string =>
                       !!email && email !== adminEmail,
-                  );
+                  ) || [];
 
                 // Send NDA completion email (for document view within dataroom, link to dataroom)
                 await sendSignedNDAEmail({
                   ownerEmail: adminEmail,
                   viewId: newView.id,
                   dataroomId: dataroomId, // Link to dataroom even for document views
-                  agreementName: link.agreement.name,
+                  agreementName: link.agreement?.name || "NDA",
                   linkName: link.name || `Link #${linkId.slice(-5)}`,
                   viewerEmail: email ?? null,
                   viewerName: name ?? null,

app/api/views/route.ts

@@ -700,24 +700,24 @@ export async function POST(request: NextRequest) {
                     : undefined;
 
                 // Get team members for CC
-                const adminUser = link.team.users.find(
+                const adminUser = link.team?.users.find(
                   (u) => u.role === "ADMIN",
                 );
                 const adminEmail = adminUser?.user.email || null;
-                const teamMembers = link.team.users
+                const teamMembers = link.team?.users
                   .map((u) => u.user.email)
                   .filter(
                     (email): email is string =>
                       !!email && email !== adminEmail,
-                  );
+                  ) || [];
 
                 // Send NDA completion email
                 await sendSignedNDAEmail({
                   ownerEmail: adminEmail,
                   viewId: newView.id,
                   documentId: documentId,
                   dataroomId: undefined, // Document view, not dataroom
-                  agreementName: link.agreement.name,
+                  agreementName: link.agreement?.name || "NDA",
                   linkName: link.name || `Link #${linkId.slice(-5)}`,
                   viewerEmail: email ?? null,
                   viewerName: name ?? null,

pages/api/views/[viewId]/nda-certificate.ts

@@ -34,16 +34,21 @@ export default async function handle(
 
   try {
     // Fetch the view with agreement response and related data
+    // IMPORTANT: We use the agreement from agreementResponse to ensure we get
+    // the agreement that was actually agreed to, not the current link's agreement
+    // (which may have been changed after the user agreed)
     const view = await prisma.view.findUnique({
       where: { id: viewId },
       include: {
         agreementResponse: {
           include: {
             agreement: {
               select: {
+                id: true,
                 name: true,
                 content: true,
                 contentType: true,
+                updatedAt: true, // Track when agreement was last updated
               },
             },
           },
@@ -79,6 +84,23 @@ export default async function handle(
       return res.status(400).json({ error: "No agreement response found" });
     }
 
+    // IMPORTANT: Verify that the agreement hasn't been modified after the user agreed to it
+    // If the agreement was updated after the response was created, we should warn or handle it
+    // NOTE: This is a known limitation - if an Agreement is updated after users agree to it,
+    // the certificate will show the current agreement content, not the original. 
+    // A proper fix would require storing a snapshot of agreement data in AgreementResponse.
+    const agreementUpdatedAfterResponse = 
+      view.agreementResponse.agreement.updatedAt > view.agreementResponse.createdAt;
+    
+    if (agreementUpdatedAfterResponse) {
+      // Log that the agreement was modified after the user agreed
+      // The certificate will use the current agreement content, which may differ from what was agreed to
+      log({
+        message: `Agreement ${view.agreementResponse.agreement.id} was updated after user agreed to it (viewId: ${viewId}). Certificate shows current agreement version, not original.`,
+        type: "error",
+      });
+    }
+
     // Fetch user agent data for location, device, browser, OS
     // This is optional - if it fails, we'll use defaults
     let userAgentData: {