Merge pull request #266 from systemli/Fix-uploading-Files-as-User

🐛 Fix uploading Files as User
systemli · Oct 24, 2023 · 6b06a9e · 6b06a9e
2 parents 4f6a20d + 4968fba
commit 6b06a9e
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 40 deletions.
diff --git a/internal/api/upload.go b/internal/api/upload.go
@@ -41,23 +41,12 @@ func (h *handler) PostUpload(c *gin.Context) {
 		return
 	}
 
-	ticker, err := h.storage.FindTickerByID(tickerID)
+	ticker, err := h.storage.FindTickerByUserAndID(me, tickerID)
 	if err != nil {
 		c.JSON(http.StatusBadRequest, response.ErrorResponse(response.CodeDefault, response.TickerNotFound))
 		return
 	}
 
-	if !me.IsSuperAdmin {
-		tickerIDs := make([]int, 0, len(me.Tickers))
-		for _, t := range me.Tickers {
-			tickerIDs = append(tickerIDs, t.ID)
-		}
-		if !util.Contains(tickerIDs, tickerID) {
-			c.JSON(http.StatusForbidden, response.ErrorResponse(response.CodeInsufficientPermissions, response.InsufficientPermissions))
-			return
-		}
-	}
-
 	files := form.File["files"]
 	if len(files) < 1 {
 		c.JSON(http.StatusBadRequest, response.ErrorResponse(response.CodeDefault, response.FilesIdentifierMissing))

diff --git a/internal/api/upload_test.go b/internal/api/upload_test.go
@@ -104,7 +104,7 @@ func TestPostUploadTickerNotFound(t *testing.T) {
 	c.Request = httptest.NewRequest(http.MethodPost, "/upload", body)
 	c.Request.Header.Add("Content-Type", writer.FormDataContentType())
 	s := &storage.MockStorage{}
-	s.On("FindTickerByID", mock.Anything).Return(storage.Ticker{}, errors.New("not found"))
+	s.On("FindTickerByUserAndID", mock.Anything, mock.Anything).Return(storage.Ticker{}, errors.New("not found"))
 	h := handler{
 		storage: s,
 		config:  config.NewConfig(),
@@ -115,28 +115,6 @@ func TestPostUploadTickerNotFound(t *testing.T) {
 	assert.Equal(t, http.StatusBadRequest, w.Code)
 }
 
-func TestPostUploadWrongPermission(t *testing.T) {
-	w := httptest.NewRecorder()
-	c, _ := gin.CreateTestContext(w)
-	c.Set("me", storage.User{IsSuperAdmin: false})
-	body := new(bytes.Buffer)
-	writer := multipart.NewWriter(body)
-	writer.WriteField("ticker", "1")
-	_ = writer.Close()
-	c.Request = httptest.NewRequest(http.MethodPost, "/upload", body)
-	c.Request.Header.Add("Content-Type", writer.FormDataContentType())
-	s := &storage.MockStorage{}
-	s.On("FindTickerByID", mock.Anything).Return(storage.Ticker{}, nil)
-	h := handler{
-		storage: s,
-		config:  config.NewConfig(),
-	}
-
-	h.PostUpload(c)
-
-	assert.Equal(t, http.StatusForbidden, w.Code)
-}
-
 func TestPostUploadMissingFiles(t *testing.T) {
 	w := httptest.NewRecorder()
 	c, _ := gin.CreateTestContext(w)
@@ -148,7 +126,7 @@ func TestPostUploadMissingFiles(t *testing.T) {
 	c.Request = httptest.NewRequest(http.MethodPost, "/upload", body)
 	c.Request.Header.Add("Content-Type", writer.FormDataContentType())
 	s := &storage.MockStorage{}
-	s.On("FindTickerByID", mock.Anything).Return(storage.Ticker{}, nil)
+	s.On("FindTickerByUserAndID", mock.Anything, mock.Anything).Return(storage.Ticker{}, nil)
 	h := handler{
 		storage: s,
 		config:  config.NewConfig(),
@@ -180,7 +158,7 @@ func TestPostUpload(t *testing.T) {
 	c.Request = httptest.NewRequest(http.MethodPost, "/upload", body)
 	c.Request.Header.Add("Content-Type", writer.FormDataContentType())
 	s := &storage.MockStorage{}
-	s.On("FindTickerByID", mock.Anything).Return(storage.Ticker{}, nil)
+	s.On("FindTickerByUserAndID", mock.Anything, mock.Anything).Return(storage.Ticker{}, nil)
 	s.On("SaveUpload", mock.Anything).Return(nil)
 	h := handler{
 		storage: s,
@@ -213,7 +191,7 @@ func TestPostUploadGIF(t *testing.T) {
 	c.Request = httptest.NewRequest(http.MethodPost, "/upload", body)
 	c.Request.Header.Add("Content-Type", writer.FormDataContentType())
 	s := &storage.MockStorage{}
-	s.On("FindTickerByID", mock.Anything).Return(storage.Ticker{}, nil)
+	s.On("FindTickerByUserAndID", mock.Anything, mock.Anything).Return(storage.Ticker{}, nil)
 	s.On("SaveUpload", mock.Anything).Return(nil)
 	h := handler{
 		storage: s,
@@ -247,7 +225,7 @@ func TestPostUploadTooMuchFiles(t *testing.T) {
 	c.Request = httptest.NewRequest(http.MethodPost, "/upload", body)
 	c.Request.Header.Add("Content-Type", writer.FormDataContentType())
 	s := &storage.MockStorage{}
-	s.On("FindTickerByID", mock.Anything).Return(storage.Ticker{}, nil)
+	s.On("FindTickerByUserAndID", mock.Anything, mock.Anything).Return(storage.Ticker{}, nil)
 	s.On("SaveUpload", mock.Anything).Return(nil)
 	h := handler{
 		storage: s,
@@ -280,7 +258,7 @@ func TestPostUploadForbiddenFileType(t *testing.T) {
 	c.Request = httptest.NewRequest(http.MethodPost, "/upload", body)
 	c.Request.Header.Add("Content-Type", writer.FormDataContentType())
 	s := &storage.MockStorage{}
-	s.On("FindTickerByID", mock.Anything).Return(storage.Ticker{}, nil)
+	s.On("FindTickerByUserAndID", mock.Anything, mock.Anything).Return(storage.Ticker{}, nil)
 	s.On("SaveUpload", mock.Anything).Return(nil)
 	h := handler{
 		storage: s,