fix(apiv2): correctly apply privacy settings on switch get
This commit is contained in:
parent
e2a56a198f
commit
c164fad2ac
@ -105,13 +105,13 @@ namespace PluralKit.API
|
|||||||
if (system == null)
|
if (system == null)
|
||||||
throw APIErrors.SystemNotFound;
|
throw APIErrors.SystemNotFound;
|
||||||
|
|
||||||
|
var sw = await _repo.GetSwitchByUuid(switchId);
|
||||||
|
if (sw == null || system.Id != sw.System)
|
||||||
|
throw APIErrors.SwitchNotFound;
|
||||||
|
|
||||||
var ctx = this.ContextFor(system);
|
var ctx = this.ContextFor(system);
|
||||||
|
|
||||||
if (!system.FrontHistoryPrivacy.CanAccess(ctx))
|
if (!system.FrontHistoryPrivacy.CanAccess(ctx))
|
||||||
throw APIErrors.UnauthorizedFrontHistory;
|
|
||||||
|
|
||||||
var sw = await _repo.GetSwitchByUuid(switchId);
|
|
||||||
if (sw == null)
|
|
||||||
throw APIErrors.SwitchNotFound;
|
throw APIErrors.SwitchNotFound;
|
||||||
|
|
||||||
var members = _db.Execute(conn => _repo.GetSwitchMembers(conn, sw.Id));
|
var members = _db.Execute(conn => _repo.GetSwitchMembers(conn, sw.Id));
|
||||||
|
@ -46,7 +46,7 @@ namespace PluralKit.API
|
|||||||
public static PKError MemberNotFound = new(404, 20002, "Member not found.");
|
public static PKError MemberNotFound = new(404, 20002, "Member not found.");
|
||||||
public static PKError GroupNotFound = new(404, 20003, "Group not found.");
|
public static PKError GroupNotFound = new(404, 20003, "Group not found.");
|
||||||
public static PKError MessageNotFound = new(404, 20004, "Message not found.");
|
public static PKError MessageNotFound = new(404, 20004, "Message not found.");
|
||||||
public static PKError SwitchNotFound = new(404, 20005, "Switch not found.");
|
public static PKError SwitchNotFound = new(404, 20005, "Switch not found, switch is associated to different system, or unauthorized to view front history.");
|
||||||
public static PKError UnauthorizedMemberList = new(403, 30001, "Unauthorized to view member list");
|
public static PKError UnauthorizedMemberList = new(403, 30001, "Unauthorized to view member list");
|
||||||
public static PKError UnauthorizedGroupList = new(403, 30002, "Unauthorized to view group list");
|
public static PKError UnauthorizedGroupList = new(403, 30002, "Unauthorized to view group list");
|
||||||
public static PKError UnauthorizedGroupMemberList = new(403, 30003, "Unauthorized to view group member list");
|
public static PKError UnauthorizedGroupMemberList = new(403, 30003, "Unauthorized to view group member list");
|
||||||
|
Loading…
Reference in New Issue
Block a user