UEAuvergne/Alexandria
Archived
2
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

check user permissions for book instance API

Browse source
This commit is contained in:
Ninjdai 2025-08-03 23:11:15 +02:00
parent 9fb527f9df
commit a657d672be
1 changed files with 11 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

15
src/routes/book_instance.rs
View file

@ -22,7 +22,8 @@ struct BookInstanceByIdParams(u32);
security(("jwt" = [])),
responses(
(status = OK, body = book_instance::Model, description = "Found book instance with corresponding ID in the database"),
(status = NOT_FOUND, description = "No book instance with this id exists in the database")
(status = NOT_FOUND, description = "No book instance with this id exists in the database"),
(status = FORBIDDEN, description = "You don't own the requested book instance"),
),
summary = "Get a book instance by its ID",
description = "Get a book instance from its ID",
@ -30,9 +31,13 @@ struct BookInstanceByIdParams(u32);
)]
pub async fn get_book_instance_by_id(
State(state): State<Arc<AppState>>,
claims: Claims,
Path(id): Path<u32>,
) -> (StatusCode, Json<Option<book_instance::Model>>) {
if let Ok(Some(res)) = BookInstance::find_by_id(id).one(state.db_conn.as_ref()).await {
if !user_is_book_instance_owner(claims.user_id, res.id, state.db_conn.as_ref()).await {
return (StatusCode::FORBIDDEN, Json(None));
}
(StatusCode::OK, Json(Some(res)))
} else {
(StatusCode::NOT_FOUND, Json(None))
@ -55,7 +60,7 @@ pub struct BookInstanceCreateParams {
security(("jwt" = [])),
responses(
(status = OK, body = book_instance::Model, description = "Successfully created book instance"),
(status = FORBIDDEN, description = "You don't own the specified BAL"),
(status = FORBIDDEN, description = "You don't own the specified book instance"),
),
summary = "Create a new book instance",
description = "Create a new book instance",
@ -76,7 +81,8 @@ pub async fn create_book_instance(
bal_id: Set(instance_payload.bal_id),
price: Set(instance_payload.price),
status: Set(book_instance::BookStatus::Available),
..Default::default()
id: NotSet,
sold_price: NotSet,
};
let b = book_instance.save(state.db_conn.as_ref()).await;
@ -167,6 +173,7 @@ pub struct BookInstanceSaleParams {
responses(
(status = OK, body = book_instance::Model, description = "Successfully sold book instance"),
(status = NOT_FOUND, description = "No book instance with specified id was found"),
(status = FORBIDDEN, description = "You don't own the specified book instance"),
),
summary = "Sell a book instance",
description = "Sell a book instance",
@ -227,7 +234,7 @@ pub async fn bulk_create_book_instance(
}
}
let instances = instance_payload
let instances = instance_payload
.into_iter()
.map(|p| {
book_instance::ActiveModel {