Schwarztee/brass
1
0
Fork 0
Code Issues 19 Pull Requests Packages Projects 1 Releases Wiki Activity

fix: permissions for location interaction

Browse Source
This commit is contained in:
Max Hohlfeld 2024-11-11 19:50:40 +01:00
parent 8f55757360
commit ec96b3b039
2 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/endpoints/location/delete.rs
View File

@ -17,15 +17,15 @@ pub async fn delete(
return Err(ApplicationError::Unauthorized);
}
let Some(area) = Location::read_by_id(pool.get_ref(), path.id).await? else {
let Some(location) = Location::read_by_id(pool.get_ref(), path.id).await? else {
return Ok(HttpResponse::NotFound().finish());
};
if user.role == Role::AreaManager && area.id != user.area_id {
if user.role == Role::AreaManager && location.area_id != user.area_id {
return Err(ApplicationError::Unauthorized);
}
Location::delete(pool.get_ref(), area.id).await?;
Location::delete(pool.get_ref(), location.id).await?;
Ok(HttpResponse::Ok().finish())
}

4
src/endpoints/location/get_edit.rs
View File

@ -22,6 +22,10 @@ pub async fn get(
return Ok(HttpResponse::NotFound().finish());
};
if user.role == Role::AreaManager && location.area_id != user.area_id {
return Err(ApplicationError::Unauthorized);
}
let mut areas = None;
if user.role == Role::Admin {