From 7ae7a69c7887937f81401d43cdc34029776fbe2c Mon Sep 17 00:00:00 2001
From: Tolmachev Igor
Date: Thu, 25 Sep 2025 14:04:17 +0300
Subject: Improve permission error
---
 src/error/client.rs | 5 +++++
 src/routers/queue.rs | 11 ++++++++---
 2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/src/error/client.rs b/src/error/client.rs
index 302581e..07d5f97 100644
--- a/src/error/client.rs
+++ b/src/error/client.rs
@@ -5,6 +5,7 @@ pub enum ClientError {
 InvalidPassword,
 NotAuthorized,
 UserNotFound { id: i64 },
+ NotQueueOwner { id: i64 },
 QueueNotFound { id: i64 },
 }
@@ -17,6 +18,7 @@ impl ClientError {
 Self::InvalidPassword => "InvalidPassword",
 Self::NotAuthorized => "NotAuthorized",
 Self::UserNotFound { .. } => "UserNotFound",
+ Self::NotQueueOwner { .. } => "NotQueueOwner",
 Self::QueueNotFound { .. } => "QueueNotFound",
 }
 .to_string()
@@ -33,6 +35,9 @@ impl ClientError {
 Self::NotAuthorized => format!("user is not authorized"),
 Self::UserNotFound { id } => format!("user with id `{}` not found", id),
+ Self::NotQueueOwner { id } => {
+ format!("you are not the owner of the queue with id `{}`", id)
+ }
 Self::QueueNotFound { id } => format!("queue with id `{}` not found", id),
 }
 }
diff --git a/src/routers/queue.rs b/src/routers/queue.rs
index df846fb..021fbe5 100644
--- a/src/routers/queue.rs
+++ b/src/routers/queue.rs
@@ -24,11 +24,16 @@ async fn get_owned_queue(
 owner_id: i64,
 db: &DatabaseConnection,
 ) -> Result {
- Ok(queues::Entity::find_by_id(id)
- .filter(queues::Column::OwnerId.eq(owner_id))
+ let queue = queues::Entity::find_by_id(id)
 .one(db)
 .await?
- .ok_or(ClientError::QueueNotFound { id })?)
+ .ok_or(ClientError::QueueNotFound { id })?;
+
+ if queue.owner_id != owner_id {
+ return Err(ClientError::NotQueueOwner { id: queue.id }.into());
+ }
+
+ Ok(queue)
 }
 #[derive(Deserialize, ToSchema)]
-- cgit v1.2.3
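Review bot: The new `NotQueueOwner { id: i64 }` variant sits next to `NotAuthorized` with nothing saying how the two differ or what it discloses. A doc comment on the variant would settle it, for example `/// Authenticated caller does not own the queue; returning this confirms the queue exists.` The enum's opening lines are outside the hunk, so the file's existing doc style could not be checked.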
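Review bot: Returning `NotQueueOwner` separately from `QueueNotFound` in `get_owned_queue` tells any authenticated caller which queue ids exist even when the queue belongs to someone else; the removed `.filter(queues::Column::OwnerId.eq(owner_id))` gave the same answer in both cases. If queue existence is meant to stay private, keep the client-visible result identical and record the ownership mismatch server-side only, i.e. return `Err(ClientError::QueueNotFound { id }.into())` from the `if queue.owner_id != owner_id` branch after logging it. If the disclosure is intended, say so in a comment above the check, and consider passing `id` rather than `queue.id` to match the `ok_or` line. The status-code mapping for `ClientError` is not part of this diff, so it is worth confirming that `NotQueueOwner` gets a deliberate status and does not fall into a default arm.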