StrafesNET/maps-service
6
Fork 0
Code Issues17 Pull Requests Packages Projects Releases Wiki Activity

submissions: submitter cannot accept their own submission

Browse Source
This commit is contained in:
Quaternions 2025-03-19 18:12:18 -07:00
parent 73e5c76e75
commit 6748cb4324
1 changed files with 16 additions and 1 deletions

17
pkg/service/submissions.go

@ -496,10 +496,25 @@ func (svc *Service) ActionSubmissionTriggerValidate(ctx context.Context, params
return ErrPermissionDenied return ErrPermissionDenied
} }
// read submission (this could be done with a transaction WHERE clause)
submission, err := svc.DB.Submissions().Get(ctx, params.SubmissionID)
if err != nil {
return err
}
has_role, err = userInfo.IsSubmitter(uint64(submission.Submitter))
if err != nil {
return err
}
// check if caller is NOT the submitter
if has_role {
return ErrPermissionDenied
}
// transaction // transaction
smap := datastore.Optional() smap := datastore.Optional()
smap.Add("status_id", model.StatusValidating) smap.Add("status_id", model.StatusValidating)
submission, err := svc.DB.Submissions().IfStatusThenUpdateAndGet(ctx, params.SubmissionID, []model.Status{model.StatusSubmitted, model.StatusAccepted}, smap) submission, err = svc.DB.Submissions().IfStatusThenUpdateAndGet(ctx, params.SubmissionID, []model.Status{model.StatusSubmitted, model.StatusAccepted}, smap)
if err != nil { if err != nil {
return err return err
} }