fix permission for deletion

Guillaume Dorce 2022-10-14 16:43:28 +02:00
parent ec0b5fe6c4
commit 67eb136ff7
1 changed files with 6 additions and 1 deletions


@ -1,6 +1,7 @@
import { PrismaClient, Post as PrismaPost, Like } from '@prisma/client'; import { PrismaClient, Post as PrismaPost, Like } from '@prisma/client';
import { Post } from '@/models/PostModel'; import { Post } from '@/models/PostModel';
import { exclude } from '@/lib/utils'; import { exclude } from '@/lib/utils';
import { getUserById } from './UserController';
const prisma = new PrismaClient(); const prisma = new PrismaClient();
@ -82,7 +83,11 @@ const deletePost = async (id: number, userId: number): Promise<PrismaPost | Erro
if (post === null) { if (post === null) {
return new Error('Post not found'); return new Error('Post not found');
} }
if (post.authorId !== userId) { const user = await getUserById(userId);
if (!user) {
return new Error('User not found');
}
if (post.authorId !== userId && user.role === 'USER') {
return new Error('User is not the author of this post'); return new Error('User is not the author of this post');
} }
return prisma.post.delete({ return prisma.post.delete({
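Review bot: The new guard `post.authorId !== userId && user.role === 'USER'` fails open: it blocks only the one role it names, so any other value of `user.role`, including a role added to the schema later, can delete posts it does not own. Inverting it to an allow-list keeps the default at deny, e.g. `if (post.authorId !== userId && !MODERATOR_ROLES.includes(user.role)) {`, where `MODERATOR_ROLES` is a placeholder for whichever roles the project means to grant this right (the role enum is not shown on this page). A deletion by a non-author also deserves an audit log entry naming `userId` and the post id, because the function returns the same result as an author's own delete. `deletePost` starts and ends outside the hunk, so whether `userId` is taken from the authenticated session rather than from request input cannot be confirmed from here.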