granblue.team/hensei-api
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Don't allow destroy if owner is not current user

Browse source
This commit is contained in:
Justin Edmund 2022-02-23 16:34:36 -08:00
parent 53e6e8bd39
commit 29c3415df2
1 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
app/controllers/api/v1/parties_controller.rb
View file

@ -31,8 +31,12 @@ class Api::V1::PartiesController < Api::V1::ApiController
end end
def destroy def destroy
if @party.user != current_user
render_unauthorized_response
else
render :destroyed, status: :ok if @party.destroy render :destroyed, status: :ok if @party.destroy
end end
end
def weapons def weapons
render_not_found_response if @party.nil? render_not_found_response if @party.nil?