Fix checking list rights when accessing a bucket

This commit is contained in:
kolaente 2021-04-22 16:44:42 +02:00
parent 4393320691
commit 4ceeb877b1
Signed by untrusted user: konrad
GPG Key ID: F40E70337AB24C9B

View File

@ -119,6 +119,19 @@ func getDoneBucketForList(s *xorm.Session, listID int64) (bucket *Bucket, err er
// @Router /lists/{id}/buckets [get]
func (b *Bucket) ReadAll(s *xorm.Session, auth web.Auth, search string, page int, perPage int) (result interface{}, resultCount int, numberOfTotalItems int64, err error) {
list, err := GetListSimpleByID(s, b.ListID)
if err != nil {
return nil, 0, 0, err
}
can, _, err := list.CanRead(s, auth)
if err != nil {
return nil, 0, 0, err
}
if !can {
return nil, 0, 0, ErrGenericForbidden{}
}
// Get all buckets for this list
buckets := []*Bucket{}
err = s.Where("list_id = ?", b.ListID).Find(&buckets)