sprechtl/PomeloNote
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

findOne

Browse source
This commit is contained in:
j-weissen 2022-09-26 23:13:50 +02:00
parent 18b2d01c23
commit 834f1284fe
1 changed files with 15 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

21
backend/strapi/src/api/note/controllers/note.js
View file

@ -29,15 +29,22 @@ module.exports = createCoreController('api::note.note', ({strapi}) => ({
return JSON.stringify(entries); return JSON.stringify(entries);
}, },
/** /**
* Finds the note by id. Only returns the note when the user is assigned. * Finds the note by id. Exits 403 if the note does not belong to the user making the request
* @param ctx * @param ctx
* @returns {Promise<void>} * @returns {Promise<string>}
*/ */
async findOne(ctx) { async findOne(ctx) {
console.log("findOne") const noteId = Number(ctx.request.url.split("/").at(-1));
const userId = ctx.state.user.id;
const entry = await strapi.entityService.findOne('api::note.note', noteId, {
populate: ['owners'],
});
let allowed = entry.owners.some(owner => owner.id === userId)
if (allowed) {
return JSON.stringify(entry);
} else {
ctx.response.status = 403;
} }
})); },
/** }));
*
*/