diff options
Diffstat (limited to 'src/server/Api/V1/Entries/DeleteEntryRoute.cs')
| -rw-r--r-- | src/server/Api/V1/Entries/DeleteEntryRoute.cs | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/server/Api/V1/Entries/DeleteEntryRoute.cs b/src/server/Api/V1/Entries/DeleteEntryRoute.cs index fc79049..c979c1f 100644 --- a/src/server/Api/V1/Entries/DeleteEntryRoute.cs +++ b/src/server/Api/V1/Entries/DeleteEntryRoute.cs @@ -18,6 +18,10 @@ public class DeleteEntryRoute : RouteBaseV1Sync.WithRequest<Guid>.WithActionResu [ApiVersion(ApiSpecV1.VERSION_STRING)] [HttpDelete("~/v{version:apiVersion}/entries/{entryId:guid}")] public override ActionResult Handle(Guid entryId) { + if (IsApiCall() && !HasApiPermission(Constants.TOKEN_ALLOW_DELETE)) { + return StatusCode(403, "Your token does not permit access to this resource"); + } + var entry = _context.Entries.SingleOrDefault(c => c.Id == entryId && c.UserId == LoggedInUser.Id); if (entry == default) { return NotFound(new ErrorResult("Entry does not exist")); |