lywsvip/server
1
0
Fork 0
mirror of https://github.com/gotify/server.git synced 2026-06-06 12:40:06 +08:00
Code Issues Packages Projects Releases Wiki Activity

Check ownership of app on GetMessagesWithToken

Browse Source
This commit is contained in:
Jannis Mattheis
2018-03-10 21:32:45 +01:00
committed by Jannis Mattheis
parent 98df7501f6
commit 4078358aaa
1 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
api/message.go
View File

@@ -43,8 +43,12 @@ func (a *MessageAPI) GetMessages(ctx *gin.Context) {
// GetMessagesWithApplication returns all messages from a specific application.
func (a *MessageAPI) GetMessagesWithApplication(ctx *gin.Context) {
withID(ctx, "appid", func(id uint) {
messages := a.DB.GetMessagesByApplication(id)
ctx.JSON(200, messages)
if app := a.DB.GetApplicationByID(id); app != nil && app.UserID == auth.GetUserID(ctx) {
messages := a.DB.GetMessagesByApplication(id)
ctx.JSON(200, messages)
} else {
ctx.AbortWithError(404, errors.New("application does not exist"))
}
})
}