Stricter access checking

Properly restrict access to list actions to only authorized users.
This commit is contained in:
NMerz
2020-11-14 14:29:48 -05:00
parent 82272a9a29
commit 954b52dc0a
11 changed files with 132 additions and 27 deletions


@@ -37,6 +37,11 @@ public class ListDeleter implements CallHandler {
ResultSet userLists = accessCheck.executeQuery();
if (!userLists.next()) {
throw new AccessControlException("User does not have access to list");
} else {
Integer permissionLevel = userLists.getInt("permissionLevel");
if (!ListPermissions.hasPermission(permissionLevel, "Delete")) {
throw new AccessControlException("User " + cognitoID + " does not have permission to delete list " + listID);
}
}
PreparedStatement cleanAccess = connection.prepareStatement(DELETE_LIST_ACCESS);
cleanAccess.setInt(1, listID);
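Review bot: The new else branch reads `permissionLevel` with `getInt`, which returns 0 for a SQL NULL without signalling it, so a row whose permissionLevel column is NULL reaches `ListPermissions.hasPermission` as level 0 and whether that denies the delete depends on hasPermission, which is not in this hunk. Making the decision explicit in the access check keeps the deny path local: `int permissionLevel = userLists.getInt("permissionLevel");` followed by `if (userLists.wasNull() || !ListPermissions.hasPermission(permissionLevel, "Delete")) {` — this also drops the needless boxing to `Integer`. The `"Delete"` literal is a magic string whose spelling must match whatever ListPermissions compares against; a named constant or enum exposed by ListPermissions would keep the two from drifting apart. The check also inspects only the first row returned by accessCheck and runs as a statement separate from the DELETE that follows, so if the query can return several access rows or the connection is not in a transaction, the check-then-delete sequence is worth confirming. The enclosing method starts and ends outside the hunk, and neither userLists nor accessCheck is closed within the visible lines.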