scout_ante/dashboard-v2
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Implement better permission check

Browse Source
This commit is contained in:
rxdn 2022-05-30 20:33:42 +01:00
parent c3775d03b8
commit d9e4df9e8e
1 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
app/http/endpoints/api/ticket/closeticket.go
View File

@ -48,12 +48,23 @@ func CloseTicket(ctx *gin.Context) {
// Verify the ticket exists // Verify the ticket exists
if ticket.UserId == 0 { if ticket.UserId == 0 {
ctx.AbortWithStatusJSON(404, gin.H{ ctx.AbortWithStatusJSON(404, gin.H{
"success": true, "success": false,
"error": "Ticket does not exist", "error": "Ticket does not exist",
}) })
return return
} }
hasPermission, err := utils.HasPermissionToViewTicket(guildId, userId, ticket)
if err != nil {
ctx.JSON(500, utils.ErrorJson(err))
return
}
if !hasPermission {
ctx.JSON(403, utils.ErrorStr("You do not have permission to close this ticket"))
return
}
data := closerelay.TicketClose{ data := closerelay.TicketClose{
GuildId: guildId, GuildId: guildId,
TicketId: ticket.Id, TicketId: ticket.Id,