discours.io/core
5
0
Fork 0
Code Pull Requests Actions Projects Activity

auth fixes, search connected

Browse Source
This commit is contained in:
Untone
2025-05-22 04:34:30 +03:00
parent 32bc1276e0
commit ab39b534fe
23 changed files with 610 additions and 359 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
resolvers/topic.py
View File

@@ -315,12 +315,12 @@ async def update_topic(_, _info, topic_input):
@mutation.field("delete_topic")
@login_required
async def delete_topic(_, info, slug: str):
user_id = info.context["user_id"]
viewer_id = info.context.get("author", {}).get("id")
with local_session() as session:
t: Topic = session.query(Topic).filter(Topic.slug == slug).first()
if not t:
return {"error": "invalid topic slug"}
author = session.query(Author).filter(Author.id == user_id).first()
author = session.query(Author).filter(Author.id == viewer_id).first()
if author:
if t.created_by != author.id:
return {"error": "access denied"}