rockfic/next
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(api): update review editing endpoint

Browse Source 
when checking for whether the requester is the author, treat the author field as an object rather than a number (id)
This commit is contained in:
✑ ☙◦❀ The Tablet ☯ GamerGirlandCo ❀◦❧ 2023-12-06 21:48:29 -05:00
parent c9f5d5466d
commit fa27a16e65
Signed by: tablet
GPG Key ID: 924A5F6AF051E87C
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
server/api/review/[revid]/index.put.ts
View File

@ -1,5 +1,6 @@
import san from "sanitize-html"; import san from "sanitize-html";
import { messages } from "~/lib/server/constants"; import { messages } from "~/lib/server/constants";
import { log } from "~/lib/server/logger";
import isLoggedIn from "~/lib/server/middlewareButNotReally/isLoggedIn"; import isLoggedIn from "~/lib/server/middlewareButNotReally/isLoggedIn";
import { Review } from "~/models/stories/review"; import { Review } from "~/models/stories/review";
@ -13,7 +14,10 @@ export default eventHandler(async (ev) => {
message: messages[404], message: messages[404],
}); });
} }
if (c?.author != ev.context.currentUser?._id) { log.silly(`${ev.context.currentUser!._id!} || ${c.author}`, {
label: "what the fuck",
});
if (c?.author._id != ev.context.currentUser?._id) {
throw createError({ throw createError({
message: messages[403], message: messages[403],
statusCode: 403, statusCode: 403,