ForFarmTeam/ForFarm
1
0
Fork 0
mirror of https://github.com/ForFarmTeam/ForFarm.git synced 2025-12-19 14:04:08 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix: check ownership from authorization header

Browse Source
This commit is contained in:
Sosokker 2025-03-20 16:00:17 +07:00
parent eb2262271f
commit 26cb8e2abf
1 changed files with 1 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
backend/internal/api/farm.go
View File

@ -61,7 +61,6 @@ type CreateFarmInput struct {
Name string `json:"name"` Name string `json:"name"`
Lat float64 `json:"lat"` Lat float64 `json:"lat"`
Lon float64 `json:"lon"` Lon float64 `json:"lon"`
OwnerID string `json:"owner_id"`
FarmType string `json:"farm_type,omitempty"` FarmType string `json:"farm_type,omitempty"`
TotalSize string `json:"total_size,omitempty"` TotalSize string `json:"total_size,omitempty"`
} }
@ -100,7 +99,6 @@ type UpdateFarmInput struct {
Lon *float64 `json:"lon,omitempty"` Lon *float64 `json:"lon,omitempty"`
FarmType *string `json:"farm_type,omitempty"` FarmType *string `json:"farm_type,omitempty"`
TotalSize *string `json:"total_size,omitempty"` TotalSize *string `json:"total_size,omitempty"`
OwnerID string `json:"owner_id,omitempty"`
} }
} }
@ -129,10 +127,6 @@ func (a *api) createFarmHandler(ctx context.Context, input *CreateFarmInput) (*C
return nil, err return nil, err
} }
if input.Body.OwnerID != "" && input.Body.OwnerID != userID {
return nil, huma.Error401Unauthorized("unauthorized: cannot create a farm for another owner")
}
farm := &domain.Farm{ farm := &domain.Farm{
Name: input.Body.Name, Name: input.Body.Name,
Lat: input.Body.Lat, Lat: input.Body.Lat,
@ -143,7 +137,7 @@ func (a *api) createFarmHandler(ctx context.Context, input *CreateFarmInput) (*C
} }
if err := a.farmRepo.CreateOrUpdate(ctx, farm); err != nil { if err := a.farmRepo.CreateOrUpdate(ctx, farm); err != nil {
return nil, err return nil, huma.Error500InternalServerError("failed to create farm", err)
} }
return &CreateFarmOutput{ return &CreateFarmOutput{
@ -214,9 +208,6 @@ func (a *api) updateFarmHandler(ctx context.Context, input *UpdateFarmInput) (*U
if input.Body.TotalSize != nil { if input.Body.TotalSize != nil {
farm.TotalSize = *input.Body.TotalSize farm.TotalSize = *input.Body.TotalSize
} }
if input.Body.OwnerID != "" && input.Body.OwnerID != userID {
return nil, huma.Error401Unauthorized("unauthorized: cannot change owner")
}
if err = a.farmRepo.CreateOrUpdate(ctx, farm); err != nil { if err = a.farmRepo.CreateOrUpdate(ctx, farm); err != nil {
return nil, err return nil, err