From 7ae7a69c7887937f81401d43cdc34029776fbe2c Mon Sep 17 00:00:00 2001
From: Tolmachev Igor <me@igorek.dev>
Date: Thu, 25 Sep 2025 14:04:17 +0300
Subject: Improve permission error

---
 src/routers/queue.rs | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

(limited to 'src/routers')

diff --git a/src/routers/queue.rs b/src/routers/queue.rs
index df846fb..021fbe5 100644
--- a/src/routers/queue.rs
+++ b/src/routers/queue.rs
@@ -24,11 +24,16 @@ async fn get_owned_queue(
     owner_id: i64,
     db: &DatabaseConnection,
 ) -> Result<queues::Model, ApiError> {
-    Ok(queues::Entity::find_by_id(id)
-        .filter(queues::Column::OwnerId.eq(owner_id))
+    let queue = queues::Entity::find_by_id(id)
         .one(db)
         .await?
-        .ok_or(ClientError::QueueNotFound { id })?)
+        .ok_or(ClientError::QueueNotFound { id })?;
+
+    if queue.owner_id != owner_id {
+        return Err(ClientError::NotQueueOwner { id: queue.id }.into());
+    }
+
+    Ok(queue)
 }
 
 #[derive(Deserialize, ToSchema)]
-- 
cgit v1.2.3