Improve permission error

author: Tolmachev Igor <me@igorek.dev> 2025-09-25 14:04:17 +0300
committer: Tolmachev Igor <me@igorek.dev> 2025-09-25 14:04:17 +0300
commit: 7ae7a69c7887937f81401d43cdc34029776fbe2c (patch)
tree: 8f74bcc2912e99ed3ce8a6d1f6b3e370c5377325 /src/routers
parent: 493fe44b23d3f4c3f271278b5137f4968cba036c (diff)
download: queue_server-7ae7a69c7887937f81401d43cdc34029776fbe2c.tar.gz
queue_server-7ae7a69c7887937f81401d43cdc34029776fbe2c.zip
1 files changed, 8 insertions, 3 deletions
diff --git a/src/routers/queue.rs b/src/routers/queue.rs
index df846fb..021fbe5 100644
--- a/src/routers/queue.rs
+++ b/src/routers/queue.rs
@@ -24,11 +24,16 @@ async fn get_owned_queue(
    owner_id: i64,
    db: &DatabaseConnection,
 ) -> Result<queues::Model, ApiError> {
-    Ok(queues::Entity::find_by_id(id)
+    let queue = queues::Entity::find_by_id(id)
-        .filter(queues::Column::OwnerId.eq(owner_id))
        .one(db)
        .await?
-        .ok_or(ClientError::QueueNotFound { id })?)
+        .ok_or(ClientError::QueueNotFound { id })?;
+    if queue.owner_id != owner_id {
+        return Err(ClientError::NotQueueOwner { id: queue.id }.into());
+    }
+    Ok(queue)
 }
 #[derive(Deserialize, ToSchema)]
author	Tolmachev Igor <me@igorek.dev>	2025-09-25 14:04:17 +0300
committer	Tolmachev Igor <me@igorek.dev>	2025-09-25 14:04:17 +0300
commit	7ae7a69c7887937f81401d43cdc34029776fbe2c (patch)
tree	8f74bcc2912e99ed3ce8a6d1f6b3e370c5377325 /src/routers
parent	493fe44b23d3f4c3f271278b5137f4968cba036c (diff)
download	queue_server-7ae7a69c7887937f81401d43cdc34029776fbe2c.tar.gz queue_server-7ae7a69c7887937f81401d43cdc34029776fbe2c.zip