diff options
| author | Tolmachev Igor <me@igorek.dev> | 2025-09-25 14:04:17 +0300 |
|---|---|---|
| committer | Tolmachev Igor <me@igorek.dev> | 2025-09-25 14:04:17 +0300 |
| commit | 7ae7a69c7887937f81401d43cdc34029776fbe2c (patch) | |
| tree | 8f74bcc2912e99ed3ce8a6d1f6b3e370c5377325 | |
| parent | 493fe44b23d3f4c3f271278b5137f4968cba036c (diff) | |
| download | queue_server-7ae7a69c7887937f81401d43cdc34029776fbe2c.tar.gz queue_server-7ae7a69c7887937f81401d43cdc34029776fbe2c.zip | |
Improve permission error
| -rw-r--r-- | src/error/client.rs | 5 | ||||
| -rw-r--r-- | src/routers/queue.rs | 11 |
2 files changed, 13 insertions, 3 deletions
diff --git a/src/error/client.rs b/src/error/client.rs index 302581e..07d5f97 100644 --- a/src/error/client.rs +++ b/src/error/client.rs | |||
| @@ -5,6 +5,7 @@ pub enum ClientError { | |||
| 5 | InvalidPassword, | 5 | InvalidPassword, |
| 6 | NotAuthorized, | 6 | NotAuthorized, |
| 7 | UserNotFound { id: i64 }, | 7 | UserNotFound { id: i64 }, |
| 8 | NotQueueOwner { id: i64 }, | ||
| 8 | QueueNotFound { id: i64 }, | 9 | QueueNotFound { id: i64 }, |
| 9 | } | 10 | } |
| 10 | 11 | ||
| @@ -17,6 +18,7 @@ impl ClientError { | |||
| 17 | Self::InvalidPassword => "InvalidPassword", | 18 | Self::InvalidPassword => "InvalidPassword", |
| 18 | Self::NotAuthorized => "NotAuthorized", | 19 | Self::NotAuthorized => "NotAuthorized", |
| 19 | Self::UserNotFound { .. } => "UserNotFound", | 20 | Self::UserNotFound { .. } => "UserNotFound", |
| 21 | Self::NotQueueOwner { .. } => "NotQueueOwner", | ||
| 20 | Self::QueueNotFound { .. } => "QueueNotFound", | 22 | Self::QueueNotFound { .. } => "QueueNotFound", |
| 21 | } | 23 | } |
| 22 | .to_string() | 24 | .to_string() |
| @@ -33,6 +35,9 @@ impl ClientError { | |||
| 33 | 35 | ||
| 34 | Self::NotAuthorized => format!("user is not authorized"), | 36 | Self::NotAuthorized => format!("user is not authorized"), |
| 35 | Self::UserNotFound { id } => format!("user with id `{}` not found", id), | 37 | Self::UserNotFound { id } => format!("user with id `{}` not found", id), |
| 38 | Self::NotQueueOwner { id } => { | ||
| 39 | format!("you are not the owner of the queue with id `{}`", id) | ||
| 40 | } | ||
| 36 | Self::QueueNotFound { id } => format!("queue with id `{}` not found", id), | 41 | Self::QueueNotFound { id } => format!("queue with id `{}` not found", id), |
| 37 | } | 42 | } |
| 38 | } | 43 | } |
diff --git a/src/routers/queue.rs b/src/routers/queue.rs index df846fb..021fbe5 100644 --- a/src/routers/queue.rs +++ b/src/routers/queue.rs | |||
| @@ -24,11 +24,16 @@ async fn get_owned_queue( | |||
| 24 | owner_id: i64, | 24 | owner_id: i64, |
| 25 | db: &DatabaseConnection, | 25 | db: &DatabaseConnection, |
| 26 | ) -> Result<queues::Model, ApiError> { | 26 | ) -> Result<queues::Model, ApiError> { |
| 27 | Ok(queues::Entity::find_by_id(id) | 27 | let queue = queues::Entity::find_by_id(id) |
| 28 | .filter(queues::Column::OwnerId.eq(owner_id)) | ||
| 29 | .one(db) | 28 | .one(db) |
| 30 | .await? | 29 | .await? |
| 31 | .ok_or(ClientError::QueueNotFound { id })?) | 30 | .ok_or(ClientError::QueueNotFound { id })?; |
| 31 | |||
| 32 | if queue.owner_id != owner_id { | ||
| 33 | return Err(ClientError::NotQueueOwner { id: queue.id }.into()); | ||
| 34 | } | ||
| 35 | |||
| 36 | Ok(queue) | ||
| 32 | } | 37 | } |
| 33 | 38 | ||
| 34 | #[derive(Deserialize, ToSchema)] | 39 | #[derive(Deserialize, ToSchema)] |