Fix creating new things with a link share auth

This commit is contained in:
kolaente 2020-05-12 15:51:48 +02:00
parent cb095d70df
commit 4137d4aed2
No known key found for this signature in database
GPG key ID: F40E70337AB24C9B
3 changed files with 19 additions and 13 deletions

View file

@ -553,9 +553,16 @@ func (t *Task) Create(a web.Auth) (err error) {
return return
} }
u, err := user.GetUserByID(a.GetID()) if _, is := a.(*LinkSharing); is {
if err != nil { // A negative user id indicates user share links
return err t.CreatedByID = a.GetID() * -1
} else {
u, err := user.GetUserByID(a.GetID())
if err != nil {
return err
}
t.CreatedByID = u.ID
t.CreatedBy = u
} }
// Generate a uuid if we don't already have one // Generate a uuid if we don't already have one
@ -586,8 +593,6 @@ func (t *Task) Create(a web.Auth) (err error) {
} }
t.Index = latestTask.Index + 1 t.Index = latestTask.Index + 1
t.CreatedByID = u.ID
t.CreatedBy = u
// If no position was supplied, set a default one // If no position was supplied, set a default one
if t.Position == 0 { if t.Position == 0 {
t.Position = float64(latestTask.ID+1) * math.Pow(2, 16) t.Position = float64(latestTask.ID+1) * math.Pow(2, 16)

View file

@ -18,7 +18,6 @@ package v1
import ( import (
"code.vikunja.io/api/pkg/models" "code.vikunja.io/api/pkg/models"
user2 "code.vikunja.io/api/pkg/user"
"code.vikunja.io/web/handler" "code.vikunja.io/web/handler"
"github.com/labstack/echo/v4" "github.com/labstack/echo/v4"
"net/http" "net/http"
@ -46,11 +45,12 @@ func UploadTaskAttachment(c echo.Context) error {
} }
// Rights check // Rights check
user, err := user2.GetCurrentUser(c) auth, err := GetAuthFromClaims(c)
if err != nil { if err != nil {
return handler.HandleHTTPError(err, c) return handler.HandleHTTPError(err, c)
} }
can, err := taskAttachment.CanCreate(user)
can, err := taskAttachment.CanCreate(auth)
if err != nil { if err != nil {
return handler.HandleHTTPError(err, c) return handler.HandleHTTPError(err, c)
} }
@ -83,7 +83,7 @@ func UploadTaskAttachment(c echo.Context) error {
} }
defer f.Close() defer f.Close()
err = ta.NewAttachment(f, file.Filename, uint64(file.Size), user) err = ta.NewAttachment(f, file.Filename, uint64(file.Size), auth)
if err != nil { if err != nil {
r.Errors = append(r.Errors, handler.HandleHTTPError(err, c)) r.Errors = append(r.Errors, handler.HandleHTTPError(err, c))
continue continue
@ -115,11 +115,11 @@ func GetTaskAttachment(c echo.Context) error {
} }
// Rights check // Rights check
user, err := user2.GetCurrentUser(c) auth, err := GetAuthFromClaims(c)
if err != nil { if err != nil {
return handler.HandleHTTPError(err, c) return handler.HandleHTTPError(err, c)
} }
can, err := taskAttachment.CanRead(user) can, err := taskAttachment.CanRead(auth)
if err != nil { if err != nil {
return handler.HandleHTTPError(err, c) return handler.HandleHTTPError(err, c)
} }

View file

@ -73,11 +73,12 @@ func ListUsersForList(c echo.Context) error {
} }
list := models.List{ID: listID} list := models.List{ID: listID}
currentUser, err := user.GetCurrentUser(c) auth, err := GetAuthFromClaims(c)
if err != nil { if err != nil {
return handler.HandleHTTPError(err, c) return handler.HandleHTTPError(err, c)
} }
canRead, err := list.CanRead(currentUser)
canRead, err := list.CanRead(auth)
if err != nil { if err != nil {
return handler.HandleHTTPError(err, c) return handler.HandleHTTPError(err, c)
} }