nikdoof/rustical
1
1
Fork 0
mirror of https://github.com/lennart-k/rustical.git synced 2025-12-14 08:12:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

event check authorization

Browse Source
This commit is contained in:
Lennart
2024-06-21 21:21:46 +02:00
parent 06d1095c66
commit b32968e942
1 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
crates/caldav/src/event/methods.rs
View File

@@ -12,9 +12,12 @@ pub async fn delete_event<A: CheckAuthentication, C: CalendarStore + ?Sized>(
auth: AuthInfoExtractor<A>, auth: AuthInfoExtractor<A>,
req: HttpRequest, req: HttpRequest,
) -> Result<HttpResponse, Error> { ) -> Result<HttpResponse, Error> {
let _user = auth.inner.user_id;
// TODO: verify whether user is authorized
let (principal, mut cid, uid) = path.into_inner(); let (principal, mut cid, uid) = path.into_inner();
if auth.inner.user_id != principal {
return Ok(HttpResponse::Unauthorized().body(""));
}
if cid.ends_with(".ics") { if cid.ends_with(".ics") {
cid.truncate(cid.len() - 4); cid.truncate(cid.len() - 4);
} }
@@ -39,7 +42,6 @@ pub async fn get_event<A: CheckAuthentication, C: CalendarStore + ?Sized>(
path: Path<(String, String, String)>, path: Path<(String, String, String)>,
auth: AuthInfoExtractor<A>, auth: AuthInfoExtractor<A>,
) -> Result<HttpResponse, Error> { ) -> Result<HttpResponse, Error> {
// TODO: verify whether user is authorized
let (principal, cid, mut uid) = path.into_inner(); let (principal, cid, mut uid) = path.into_inner();
if auth.inner.user_id != principal { if auth.inner.user_id != principal {