fix(apiv2): correctly apply privacy settings on switch get

This commit is contained in:
spiral 2021-10-12 06:18:54 -04:00
parent e2a56a198f
commit c164fad2ac
No known key found for this signature in database
GPG Key ID: A6059F0CA0E1BD31
2 changed files with 5 additions and 5 deletions

View File

@ -105,13 +105,13 @@ namespace PluralKit.API
if (system == null)
throw APIErrors.SystemNotFound;
var sw = await _repo.GetSwitchByUuid(switchId);
if (sw == null || system.Id != sw.System)
throw APIErrors.SwitchNotFound;
var ctx = this.ContextFor(system);
if (!system.FrontHistoryPrivacy.CanAccess(ctx))
throw APIErrors.UnauthorizedFrontHistory;
var sw = await _repo.GetSwitchByUuid(switchId);
if (sw == null)
throw APIErrors.SwitchNotFound;
var members = _db.Execute(conn => _repo.GetSwitchMembers(conn, sw.Id));

View File

@ -46,7 +46,7 @@ namespace PluralKit.API
public static PKError MemberNotFound = new(404, 20002, "Member not found.");
public static PKError GroupNotFound = new(404, 20003, "Group not found.");
public static PKError MessageNotFound = new(404, 20004, "Message not found.");
public static PKError SwitchNotFound = new(404, 20005, "Switch not found.");
public static PKError SwitchNotFound = new(404, 20005, "Switch not found, switch is associated to different system, or unauthorized to view front history.");
public static PKError UnauthorizedMemberList = new(403, 30001, "Unauthorized to view member list");
public static PKError UnauthorizedGroupList = new(403, 30002, "Unauthorized to view group list");
public static PKError UnauthorizedGroupMemberList = new(403, 30003, "Unauthorized to view group member list");