summaryrefslogtreecommitdiffstats
path: root/src/server/Api/V1/Entries/UpdateEntryRoute.cs
diff options
context:
space:
mode:
Diffstat (limited to 'src/server/Api/V1/Entries/UpdateEntryRoute.cs')
-rw-r--r--src/server/Api/V1/Entries/UpdateEntryRoute.cs5
1 files changed, 4 insertions, 1 deletions
diff --git a/src/server/Api/V1/Entries/UpdateEntryRoute.cs b/src/server/Api/V1/Entries/UpdateEntryRoute.cs
index 96c60fe..919364d 100644
--- a/src/server/Api/V1/Entries/UpdateEntryRoute.cs
+++ b/src/server/Api/V1/Entries/UpdateEntryRoute.cs
@@ -1,4 +1,3 @@
-using System.Security.Cryptography;
using IOL.BookmarkThing.Server.Api.V1.Entries.Dtos;
namespace IOL.BookmarkThing.Server.Api.V1.Entries;
@@ -24,6 +23,10 @@ public class UpdateEntryRoute : RouteBaseV1Sync.WithRequest<UpdateEntryRequest>.
[ApiVersion(ApiSpecV1.VERSION_STRING)]
[HttpPost("~/v{version:apiVersion}/entries/update")]
public override ActionResult<EntryDto> Handle(UpdateEntryRequest entryToUpdate) {
+ if (IsApiCall() && !HasApiPermission(Constants.TOKEN_ALLOW_UPDATE)) {
+ return StatusCode(403, "Your token does not permit access to this resource");
+ }
+
var entry = _context.Entries.SingleOrDefault(c => c.Id == entryToUpdate.Id && c.UserId == LoggedInUser.Id);
if (entry == default) {
return NotFound(new ErrorResult("Entry does not exist"));
generated by cgit v1.3 (git 2.53.0) at 2026-03-07 09:01:31 +0100