Ensure user can only see Post for the jam it's attached to
Willdotwhite committed Mar 21, 2024
1 parent cac7787 commit 5b9345a
Showing 2 changed files with 8 additions and 3 deletions.
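--- a/api/src/main/kotlin/com/gmtkgamejam/routing/PostRoutes.kt
+++ b/api/src/main/kotlin/com/gmtkgamejam/routing/PostRoutes.kt
@@ -56,7 +56,12 @@ fun Application.configurePostRouting() {
 
 get("{id}") {
 val post: PostItem? = call.parameters["id"]?.let { service.getPost(it) }
-if (post?.deletedAt != null) {
+
+// Simple filter for full page post views
+val jamId = call.parameters["jamId"]
+val postBelongsToCurrentJam = jamId == null || post?.jamId == jamId
+
+if (post?.deletedAt != null || !postBelongsToCurrentJam) {
 call.respondJSON("Post not found", status = HttpStatusCode.NotFound)
 }
 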
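Review bot: The `jamId == null` branch of `postBelongsToCurrentJam` means the jam check applies only when the caller chooses to send `jamId`; a request to the same route without the query parameter still passes the filter, so this is a display filter and not an enforcement of the "can only see" in the commit title. If the restriction is meant to hold server-side, take the jam from something the server controls or require the parameter, e.g. `val postBelongsToCurrentJam = jamId != null && post?.jamId == jamId`, provided no other caller relies on the unscoped lookup. Otherwise the comment should say so: `// Display filter only: jamId is optional and caller-supplied, not an access control`. The handler body continues outside the hunk, so whether the 404 branch returns before the post is sent cannot be confirmed from here.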
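--- a/ui/src/pages/post/Post.tsx
+++ b/ui/src/pages/post/Post.tsx
@@ -20,12 +20,12 @@ import {JoinDiscordButton} from "./components/JoinDiscordButton.tsx";
 
 export const Post: React.FC<{}> = () => {
 
-const { postId } = useParams()
+const { jamId, postId } = useParams()
 const navigate = useNavigate();
 const [post, setPost] = useState<PostModel>()
 
 useEffect(() => {
-fetch(`${import.meta.env.VITE_API_URL}/posts/${postId}`)
+fetch(`${import.meta.env.VITE_API_URL}/posts/${postId}?jamId=${jamId}`)
 .then(res => res.json())
 .then(setPost)
 }, [])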
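Review bot: `jamId` is interpolated into the query string unchecked in the new `fetch` call, so when the matched route has no `jamId` param the request carries the literal `jamId=undefined`, which the API's new comparison would turn into a 404 for a valid post. Append the parameter only when `jamId` is defined and encode it with `encodeURIComponent(jamId)`. The new 404 outcome also exposes the unchecked `.then(res => res.json()).then(setPost)` chain: the "Post not found" body would presumably be stored as the post, so a `res.ok` check before `setPost` is worth adding. The effect's dependency array is still `[]`, so a change of `jamId` or `postId` does not trigger a refetch.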
