diff options
Diffstat (limited to 'src/api/core/folders.rs')
-rw-r--r-- | src/api/core/folders.rs | 30 |
1 files changed, 7 insertions, 23 deletions
diff --git a/src/api/core/folders.rs b/src/api/core/folders.rs index 9766d7a1..3daa2a06 100644 --- a/src/api/core/folders.rs +++ b/src/api/core/folders.rs @@ -25,16 +25,10 @@ async fn get_folders(headers: Headers, mut conn: DbConn) -> Json<Value> { #[get("/folders/<uuid>")] async fn get_folder(uuid: &str, headers: Headers, mut conn: DbConn) -> JsonResult { - let folder = match Folder::find_by_uuid(uuid, &mut conn).await { - Some(folder) => folder, - _ => err!("Invalid folder"), - }; - - if folder.user_uuid != headers.user.uuid { - err!("Folder belongs to another user") + match Folder::find_by_uuid_and_user(uuid, &headers.user.uuid, &mut conn).await { + Some(folder) => Ok(Json(folder.to_json())), + _ => err!("Invalid folder", "Folder does not exist or belongs to another user"), } - - Ok(Json(folder.to_json())) } #[derive(Deserialize)] @@ -71,15 +65,10 @@ async fn put_folder( ) -> JsonResult { let data: FolderData = data.into_inner(); - let mut folder = match Folder::find_by_uuid(uuid, &mut conn).await { - Some(folder) => folder, - _ => err!("Invalid folder"), + let Some(mut folder) = Folder::find_by_uuid_and_user(uuid, &headers.user.uuid, &mut conn).await else { + err!("Invalid folder", "Folder does not exist or belongs to another user") }; - if folder.user_uuid != headers.user.uuid { - err!("Folder belongs to another user") - } - folder.name = data.name; folder.save(&mut conn).await?; @@ -95,15 +84,10 @@ async fn delete_folder_post(uuid: &str, headers: Headers, conn: DbConn, nt: Noti #[delete("/folders/<uuid>")] async fn delete_folder(uuid: &str, headers: Headers, mut conn: DbConn, nt: Notify<'_>) -> EmptyResult { - let folder = match Folder::find_by_uuid(uuid, &mut conn).await { - Some(folder) => folder, - _ => err!("Invalid folder"), + let Some(folder) = Folder::find_by_uuid_and_user(uuid, &headers.user.uuid, &mut conn).await else { + err!("Invalid folder", "Folder does not exist or belongs to another user") }; - if folder.user_uuid != headers.user.uuid { - err!("Folder belongs to another user") - } - // Delete the actual folder entry folder.delete(&mut conn).await?; |