iio/pingvin-share
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: add rule to check if user is owner of share

Browse Source
This commit is contained in:
Elias Schneider
2022-10-10 23:34:03 +02:00
parent e818a29442
commit 2c47b2a284
6 changed files with 47 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
backend/src/share/share.service.ts
View File

@@ -132,15 +132,13 @@ export class ShareService {
return share;
}
async remove(shareId: string, userId: string) {
async remove(shareId: string) {
const share = await this.prisma.share.findUnique({
where: { id: shareId },
});
if (!share) throw new NotFoundException("Share not found");
if (share.creatorId != userId) throw new ForbiddenException();
await this.prisma.share.delete({ where: { id: shareId } });
}