DC/dc-project
1
1
Fork 0
Code Issues 25 Pull Requests 2 Actions Packages Projects Releases Wiki Activity

Fix all security routes

Browse Source
This commit is contained in:
Fabrice Lecomte
2021-03-31 02:31:37 +02:00
parent f17277c0e9
commit a0d07e88a1
35 changed files with 80 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/main/kotlin/fr/dcproject/component/opinion/routes/GetCitizenOpinions.kt
View File

@@ -5,6 +5,7 @@ import fr.dcproject.common.security.assert
import fr.dcproject.common.utils.toUUID
import fr.dcproject.component.article.database.ArticleRef
import fr.dcproject.component.auth.citizenOrNull
import fr.dcproject.component.auth.mustBeAuth
import fr.dcproject.component.citizen.database.CitizenRef
import fr.dcproject.component.opinion.OpinionAccessControl
import fr.dcproject.component.opinion.database.Opinion
@@ -31,6 +32,7 @@ object GetCitizenOpinions {
fun Route.getCitizenOpinions(repo: OpinionArticleRepository, ac: OpinionAccessControl) {
get<CitizenOpinions> {
mustBeAuth()
val opinionsEntities: List<Opinion<ArticleRef>> = repo.findCitizenOpinionsByTargets(it.citizen, it.id)
ac.assert { canView(opinionsEntities, citizenOrNull) }