avatic/lcc_tool
avatic/lcc_tool
1
0
Fork 0
Code Issues 31 Pull requests 5 Projects Releases Packages Wiki Activity Actions

Bugfix: Check premise access rights works as expected.

Browse source
This commit is contained in:
Jan 2025-10-18 09:45:26 +02:00
parent 20ad15e4e4
commit 8aca48b5ec
1 changed files with 7 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
src/main/java/de/avatic/lcc/repositories/premise/PremiseRepository.java
View file

@ -635,10 +635,14 @@ public class PremiseRepository {
@Transactional @Transactional
public void checkOwner(List<Integer> premiseIds, int userId) { public void checkOwner(List<Integer> premiseIds, int userId) {
String query = """ String query = """
SELECT id FROM premise WHERE premise.id IN (?) AND user_id <> ? SELECT id FROM premise WHERE premise.id IN (:premiseIds) AND user_id <> :userId
"""; """;
var otherIds = jdbcTemplate.queryForList(query, Integer.class, premiseIds, userId); MapSqlParameterSource parameters = new MapSqlParameterSource();
parameters.addValue("premiseIds", premiseIds);
parameters.addValue("userId", userId);
var otherIds = namedParameterJdbcTemplate.queryForList(query, parameters, Integer.class);
if (!otherIds.isEmpty()) { if (!otherIds.isEmpty()) {
throw new ForbiddenException("Access violation. Cannot open premise with ids = " + otherIds); throw new ForbiddenException("Access violation. Cannot open premise with ids = " + otherIds);