swissmakers_gmbh/swiss-datashare
12
0
Fork 0
mirror of https://github.com/swissmakers/swiss-datashare.git synced 2026-04-19 05:23:14 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix: add rule to check if user is owner of share

Browse Source
This commit is contained in:
Elias Schneider
2022-10-10 23:34:03 +02:00
parent e818a29442
commit 2c47b2a284
6 changed files with 47 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
backend/src/share/guard/shareOwner.guard.ts Normal file
View File

@@ -0,0 +1,33 @@
import { CanActivate, ExecutionContext, Injectable } from "@nestjs/common";
import { Reflector } from "@nestjs/core";
import { User } from "@prisma/client";
import { Request } from "express";
import { ExtractJwt } from "passport-jwt";
import { PrismaService } from "src/prisma/prisma.service";
import { ShareService } from "src/share/share.service";
@Injectable()
export class ShareOwnerGuard implements CanActivate {
constructor(
private prisma: PrismaService
) {}
async canActivate(context: ExecutionContext) {
const request: Request = context.switchToHttp().getRequest();
const shareId = Object.prototype.hasOwnProperty.call(
request.params,
"shareId"
)
? request.params.shareId
: request.params.id;
const share = await this.prisma.share.findUnique({
where: { id: shareId },
include: { security: true },
});
return share.creatorId == (request.user as User).id;
}
}