From 62599898d071d87be0c85543ace128e0c14b9d47 Mon Sep 17 00:00:00 2001
From: Ferdinand Thiessen
Date: Fri, 17 Dec 2021 14:50:42 +0100
Subject: [PATCH] fix(backend): Invite must search user in database
---
 backend/flaschengeist_events/routes.py | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/backend/flaschengeist_events/routes.py b/backend/flaschengeist_events/routes.py
index 90a5432..ab427f6 100644
--- a/backend/flaschengeist_events/routes.py
+++ b/backend/flaschengeist_events/routes.py
@@ -471,7 +471,7 @@ def invite(current_session: Session):
 Route: ``/events/invites`` | Method: ``POST``
- POST-data: ``{job: number, invitees: string[], is_transfer?: boolean}``
+ POST-data: ``{job: number, invitees: string[], transferee?: string}``
 Args:
 current_session: Session sent with Authorization Header
@@ -481,10 +481,8 @@ def invite(current_session: Session):
 """
 data = request.get_json()
 transferee = data.get("transferee", None)
- if (
- transferee is not None
- and transferee != current_session.userid
- and not current_session.user_.has_permission(permissions.ASSIGN_OTHER)
+ if transferee is not None and (
+ transferee != current_session.userid or not current_session.user_.has_permission(permissions.ASSIGN_OTHER)
 ):
 raise Forbidden
@@ -494,11 +492,11 @@ def invite(current_session: Session):
 raise BadRequest
 return jsonify(
 [
- event_controller.invite(job, invitee, current_session.user_, transferee)
+ event_controller.invite(job, invitee, current_session.user_, userController.get_user(transferee) if transferee else None)
 for invitee in [userController.get_user(uid) for uid in data["invitees"]]
 ]
 )
- except (TypeError, KeyError, ValueError):
+ except (TypeError, KeyError, ValueError, NotFound):
 raise BadRequest
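Review bot: In the hunk at `@@ -481,10 +481,8 @@`, the rewritten guard is not equivalent to the one it replaces: `A and B and C` became `A and (B or C)`, so a request naming a transferee other than the caller now raises Forbidden even when the caller holds ASSIGN_OTHER, and a caller naming themselves is rejected unless they hold it. The commit message only mentions the database lookup, so this looks like an unintended change to the authorization rule rather than a policy decision. If the previous rule is still wanted, keep the conjunction: `if transferee is not None and transferee != current_session.userid and not current_session.user_.has_permission(permissions.ASSIGN_OTHER):`. If the tighter rule is intended, a comment above the check stating who may transfer a job to whom would make that explicit for the next reader. The body of invite() starts and ends outside this hunk.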
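Review bot: In the hunk at `@@ -494,11 +492,11 @@`, `userController.get_user(transferee)` sits inside the list comprehension, so the same transferee is looked up once per invitee, and it is gated on truthiness (`if transferee`) while the guard earlier in the function tests `is not None`. Resolving it once inside the `try`, before `return jsonify(`, keeps the NotFound handling and makes the two checks agree: `transferee_user = userController.get_user(transferee) if transferee is not None else None`. The except tuple now names `NotFound`, but this patch adds no import for it; if the module does not already import that name, the handler would fail with a NameError when an exception reaches it, which needs checking against the import block outside the visible hunks. The enclosing `try` starts outside the hunk.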