check user permissions for owner API
parent
e078bffc25
commit
9fb527f9df
1 changed files with 14 additions and 7 deletions
|
|
@ -2,7 +2,7 @@ use std::sync::Arc;
|
|||
|
||||
use axum::{extract::{Path, State}, Json};
|
||||
use reqwest::{StatusCode};
|
||||
use sea_orm::{ActiveModelTrait, ActiveValue::{NotSet, Set, Unchanged}, EntityTrait, TryIntoModel};
|
||||
use sea_orm::{ActiveModelTrait, ActiveValue::{NotSet, Set}, ColumnTrait, EntityTrait, QueryFilter, TryIntoModel};
|
||||
use serde::{Deserialize, Serialize};
|
||||
use utoipa::IntoParams;
|
||||
|
||||
|
|
@ -22,7 +22,8 @@ struct OwnerByIdParams(u32);
|
|||
security(("jwt" = [])),
|
||||
responses(
|
||||
(status = OK, body = owner::Model, description = "Found owner with corresponding ID in the database"),
|
||||
(status = NOT_FOUND, description = "No owner with this id exists in the database")
|
||||
(status = NOT_FOUND, description = "No owner with this id exists in the database"),
|
||||
(status = FORBIDDEN, description = "You do not own the specified owner"),
|
||||
),
|
||||
summary = "Get an owner by its ID",
|
||||
description = "Get an owner from its ID",
|
||||
|
|
@ -30,10 +31,15 @@ struct OwnerByIdParams(u32);
|
|||
)]
|
||||
pub async fn get_owner_by_id(
|
||||
State(state): State<Arc<AppState>>,
|
||||
claims: Claims,
|
||||
Path(id): Path<u32>,
|
||||
) -> (StatusCode, Json<Option<owner::Model>>) {
|
||||
if let Ok(Some(res)) = Owner::find_by_id(id).one(state.db_conn.as_ref()).await {
|
||||
(StatusCode::OK, Json(Some(res)))
|
||||
if res.user_id != claims.user_id {
|
||||
(StatusCode::FORBIDDEN, Json(None))
|
||||
} else {
|
||||
(StatusCode::OK, Json(Some(res)))
|
||||
}
|
||||
} else {
|
||||
(StatusCode::NOT_FOUND, Json(None))
|
||||
}
|
||||
|
|
@ -165,14 +171,15 @@ pub async fn update_owner(
|
|||
)]
|
||||
pub async fn get_owners(
|
||||
State(state): State<Arc<AppState>>,
|
||||
) -> (StatusCode, Json<Option<Vec<owner::Model>>>) {
|
||||
match Owner::find().all(state.db_conn.as_ref()).await {
|
||||
claims: Claims
|
||||
) -> (StatusCode, Json<Vec<owner::Model>>) {
|
||||
match Owner::find().filter(owner::Column::UserId.eq(claims.user_id)).all(state.db_conn.as_ref()).await {
|
||||
Err(e) => {
|
||||
log::error!(target: "api", "Error while getting owner list: {:#?}", e);
|
||||
(StatusCode::INTERNAL_SERVER_ERROR, Json(None))
|
||||
(StatusCode::INTERNAL_SERVER_ERROR, Json(vec![]))
|
||||
}
|
||||
Ok(owners) => {
|
||||
(StatusCode::OK, Json(Some(owners)))
|
||||
(StatusCode::OK, Json(owners))
|
||||
}
|
||||
}
|
||||
}
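Review bot: In `get_owner_by_id`, returning FORBIDDEN for a row that exists but belongs to another user and NOT_FOUND for a missing row tells any authenticated caller which owner IDs exist, and the `u32` path ids are cheap to walk. Scoping the lookup to the caller, as `get_owners` now does, removes that distinction: `Owner::find_by_id(id).filter(owner::Column::UserId.eq(claims.user_id)).one(state.db_conn.as_ref()).await`, with the inner `if`/`else` and the FORBIDDEN entry in `responses(...)` dropped. The same `if let Ok(Some(res))` also maps a database error to NOT_FOUND without logging it, unlike the `Err(e)` arm in `get_owners`. `update_owner` appears only in the last hunk header and is not changed here, so it is worth confirming that it and any other write handlers compare the row's `user_id` with `claims.user_id` too.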
|
||||
|
|
|
|||