diff options
Diffstat (limited to 'src/routes')
| -rw-r--r-- | src/routes/model.rs | 8 | ||||
| -rw-r--r-- | src/routes/user.rs | 4 |
2 files changed, 5 insertions, 7 deletions
diff --git a/src/routes/model.rs b/src/routes/model.rs index 4f935a9..0572977 100644 --- a/src/routes/model.rs +++ b/src/routes/model.rs @@ -109,12 +109,10 @@ async fn delete_model(claims: Claims, Path(model_id): Path<i32>) -> Result<Statu let user = User::find_by_id(claims.user_id).await?; - let uploads: Vec<String> = model.upload_paths().await.unwrap(); + let uploads: Vec<String> = model.list_upload_filepaths().await.unwrap(); - if model.author_id() != user.id { - if !user.is_staff.unwrap() { - return Err(AppError::Unauthorized); - } + if !(model.author_id() == user.id || user.is_staff.unwrap()) { + return Err(AppError::Unauthorized); } // If the model has been deleted, remove all old uploads from the file system diff --git a/src/routes/user.rs b/src/routes/user.rs index d20f1f6..791e441 100644 --- a/src/routes/user.rs +++ b/src/routes/user.rs @@ -63,7 +63,7 @@ async fn edit_my_avatar( if user.avatar.is_some() { let avatar_url = user.avatar.as_ref().unwrap(); - delete_upload(&avatar_url)?; + delete_upload(avatar_url)?; } match upload( @@ -93,7 +93,7 @@ async fn delete_my_avatar(claims: Claims) -> Result<Json<UserList>, AppError> { if user.avatar.is_some() { let avatar_url = user.avatar.as_ref().unwrap(); - delete_upload(&avatar_url)?; + delete_upload(avatar_url)?; } user.edit_avatar(None).await?; |