check user permissions for book instance API

This commit is contained in:
Ninjdai 2025-08-03 23:11:15 +02:00
parent 9fb527f9df
commit a657d672be


@ -22,7 +22,8 @@ struct BookInstanceByIdParams(u32);
security(("jwt" = [])), security(("jwt" = [])),
responses( responses(
(status = OK, body = book_instance::Model, description = "Found book instance with corresponding ID in the database"), (status = OK, body = book_instance::Model, description = "Found book instance with corresponding ID in the database"),
(status = NOT_FOUND, description = "No book instance with this id exists in the database") (status = NOT_FOUND, description = "No book instance with this id exists in the database"),
(status = FORBIDDEN, description = "You don't own the requested book instance"),
), ),
summary = "Get a book instance by its ID", summary = "Get a book instance by its ID",
description = "Get a book instance from its ID", description = "Get a book instance from its ID",
@ -30,9 +31,13 @@ struct BookInstanceByIdParams(u32);
)] )]
pub async fn get_book_instance_by_id( pub async fn get_book_instance_by_id(
State(state): State<Arc<AppState>>, State(state): State<Arc<AppState>>,
claims: Claims,
Path(id): Path<u32>, Path(id): Path<u32>,
) -> (StatusCode, Json<Option<book_instance::Model>>) { ) -> (StatusCode, Json<Option<book_instance::Model>>) {
if let Ok(Some(res)) = BookInstance::find_by_id(id).one(state.db_conn.as_ref()).await { if let Ok(Some(res)) = BookInstance::find_by_id(id).one(state.db_conn.as_ref()).await {
if !user_is_book_instance_owner(claims.user_id, res.id, state.db_conn.as_ref()).await {
return (StatusCode::FORBIDDEN, Json(None));
}
(StatusCode::OK, Json(Some(res))) (StatusCode::OK, Json(Some(res)))
} else { } else {
(StatusCode::NOT_FOUND, Json(None)) (StatusCode::NOT_FOUND, Json(None))
@ -55,7 +60,7 @@ pub struct BookInstanceCreateParams {
security(("jwt" = [])), security(("jwt" = [])),
responses( responses(
(status = OK, body = book_instance::Model, description = "Successfully created book instance"), (status = OK, body = book_instance::Model, description = "Successfully created book instance"),
(status = FORBIDDEN, description = "You don't own the specified BAL"), (status = FORBIDDEN, description = "You don't own the specified book instance"),
), ),
summary = "Create a new book instance", summary = "Create a new book instance",
description = "Create a new book instance", description = "Create a new book instance",
@ -76,7 +81,8 @@ pub async fn create_book_instance(
bal_id: Set(instance_payload.bal_id), bal_id: Set(instance_payload.bal_id),
price: Set(instance_payload.price), price: Set(instance_payload.price),
status: Set(book_instance::BookStatus::Available), status: Set(book_instance::BookStatus::Available),
..Default::default() id: NotSet,
sold_price: NotSet,
}; };
let b = book_instance.save(state.db_conn.as_ref()).await; let b = book_instance.save(state.db_conn.as_ref()).await;
@ -167,6 +173,7 @@ pub struct BookInstanceSaleParams {
responses( responses(
(status = OK, body = book_instance::Model, description = "Successfully sold book instance"), (status = OK, body = book_instance::Model, description = "Successfully sold book instance"),
(status = NOT_FOUND, description = "No book instance with specified id was found"), (status = NOT_FOUND, description = "No book instance with specified id was found"),
(status = FORBIDDEN, description = "You don't own the specified book instance"),
), ),
summary = "Sell a book instance", summary = "Sell a book instance",
description = "Sell a book instance", description = "Sell a book instance",
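Review bot: The ownership check at `if !user_is_book_instance_owner(claims.user_id, res.id, state.db_conn.as_ref()).await` runs only after the row was found, so an authenticated caller receives NOT_FOUND for a nonexistent id and FORBIDDEN for one owned by someone else, which confirms which instance ids exist; if ids are meant to be non-enumerable, return `(StatusCode::NOT_FOUND, Json(None))` from that branch as well and drop the FORBIDDEN entry from `responses(`, otherwise a short comment stating that the 403/404 distinction is intentional would help the next reader. The same line passes `res.id` where `id` would do, since the row was fetched by that id. In the create_book_instance hunk the FORBIDDEN description was changed from "BAL" to "book instance", but the instance is only being created from `instance_payload.bal_id`, so the check there presumably concerns the BAL and the previous wording looked more accurate — consider `(status = FORBIDDEN, description = "You don't own the BAL this book instance belongs to")`. The sell hunk adds a FORBIDDEN response to the docs, but the corresponding check in the sell handler is not within the diff and should be confirmed to exist. The bodies of get_book_instance_by_id, create_book_instance and the sell handler all continue outside their hunks.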