IT4Change/gradido
3
0
Fork 0
mirror of https://github.com/IT4Change/gradido.git synced 2026-01-20 20:01:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add check if user is owner of the contribution before deleting.

Browse Source
This commit is contained in:
elweyn 2022-07-05 09:37:41 +02:00
parent 62e7abe76e
commit 9bd5710933
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
backend/src/graphql/resolver/ContributionResolver.ts
View File

@ -35,11 +35,18 @@ export class ContributionResolver {
@Authorized([RIGHTS.DELETE_CONTRIBUTION])
@Mutation(() => Boolean)
async adminDeleteContribution(@Arg('id', () => Int) id: number): Promise<boolean> {
async adminDeleteContribution(
@Arg('id', () => Int) id: number,
@Ctx() context: Context,
): Promise<boolean> {
const user = getUser(context)
const contribution = await Contribution.findOne(id)
if (!contribution) {
throw new Error('Contribution not found for given id.')
}
if (contribution.userId !== user.id) {
throw new Error('Can not delete contribution of another user')
}
const res = await contribution.softRemove()
return !!res
}