From 06b3e0b390c9efa5fbaf61f50f5f2c4d71d0ca56 Mon Sep 17 00:00:00 2001 From: jeff Date: Thu, 31 Dec 2020 20:19:45 +0000 Subject: [PATCH] Skip loading owner of character for API. --- src/db.rs | 3 --- src/routes/api.rs | 4 ++-- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/src/db.rs b/src/db.rs index 026c6ae..b765a2a 100644 --- a/src/db.rs +++ b/src/db.rs @@ -42,9 +42,6 @@ pub(crate) trait Dao { async fn update_character_sheet<'a>(&self, character: &'a Character) -> sqlx::Result<()>; } -//TODO is: -// - use compile time queries -// - find replacement for diesel migrations #[rocket::async_trait] impl Dao for SqlitePool { async fn load_user_by_id(&self, user_id: i32) -> sqlx::Result> { diff --git a/src/routes/api.rs b/src/routes/api.rs index 443485a..95454db 100644 --- a/src/routes/api.rs +++ b/src/routes/api.rs @@ -30,13 +30,13 @@ async fn load_character( character_id: i32, ) -> Result { let logged_in_user = logged_in_user.ok_or(Error::NotLoggedIn)?; - let owner = conn.load_user(&owner).await?.ok_or(Error::NotFound)?; + let character: Character = conn .load_character(character_id) .await? .ok_or(Error::NotFound)?; - if logged_in_user != &owner { + if logged_in_user.username != owner { return Err(Error::NoPermission); }