iio/pingvin-share
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: add rule to check if user is owner of share

Browse Source
This commit is contained in:
Elias Schneider
2022-10-10 23:34:03 +02:00
parent e818a29442
commit 2c47b2a284
6 changed files with 47 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
backend/src/share/share.controller.ts
View File

@@ -16,6 +16,7 @@ import { MyShareDTO } from "./dto/myShare.dto";
import { ShareDTO } from "./dto/share.dto";
import { ShareMetaDataDTO } from "./dto/shareMetaData.dto";
import { SharePasswordDto } from "./dto/sharePassword.dto";
import { ShareOwnerGuard } from "./guard/shareOwner.guard";
import { ShareSecurityGuard } from "./guard/shareSecurity.guard";
import { ShareService } from "./share.service";
@@ -50,14 +51,14 @@ export class ShareController {
}
@Delete(":id")
@UseGuards(JwtGuard)
async remove(@Param("id") id: string, @GetUser() user: User) {
await this.shareService.remove(id, user.id);
@UseGuards(JwtGuard, ShareOwnerGuard)
async remove(@Param("id") id: string) {
await this.shareService.remove(id);
}
@Post(":id/complete")
@HttpCode(202)
@UseGuards(JwtGuard)
@UseGuards(JwtGuard, ShareOwnerGuard)
async complete(@Param("id") id: string) {
return new ShareDTO().from(await this.shareService.complete(id));
}