summaryrefslogtreecommitdiff
path: root/backend/src/API/WeaponsAPI.zig
diff options
context:
space:
mode:
authorphyscik <mynameisgennadiy@vk.com>2026-04-27 16:52:45 +0500
committerphyscik <mynameisgennadiy@vk.com>2026-04-27 16:52:45 +0500
commit9a43fa05ade031c91d515d1254e05fd33cc7a482 (patch)
treec585ee7725c5e88518e18ff98b93b944caa4520e /backend/src/API/WeaponsAPI.zig
parentb5ce961b3ef30758f77e2487dc9b6ed2dd39de73 (diff)
Auth middleware + origin check
Diffstat (limited to 'backend/src/API/WeaponsAPI.zig')
-rw-r--r--backend/src/API/WeaponsAPI.zig16
1 files changed, 12 insertions, 4 deletions
diff --git a/backend/src/API/WeaponsAPI.zig b/backend/src/API/WeaponsAPI.zig
index 7c8d72a..101c436 100644
--- a/backend/src/API/WeaponsAPI.zig
+++ b/backend/src/API/WeaponsAPI.zig
@@ -42,7 +42,9 @@ fn getRangedWeaponById(_: *Handler.RequestData, req: *httpz.Request, res: *httpz
try res.json(found, .{});
}
-fn newRangedWeapon(_: *Handler.RequestData, req: *httpz.Request, res: *httpz.Response) !void {
+fn newRangedWeapon(data: *Handler.RequestData, req: *httpz.Request, res: *httpz.Response) !void {
+ try data.CheckAccess(.editor);
+
var body = try req.json(model.RequestBody) orelse {
res.setStatus(.bad_request);
return;
@@ -63,7 +65,9 @@ fn newRangedWeapon(_: *Handler.RequestData, req: *httpz.Request, res: *httpz.Res
res.setStatus(.created);
}
-fn updateRangedWeapon(_: *Handler.RequestData, req: *httpz.Request, res: *httpz.Response) !void {
+fn updateRangedWeapon(data: *Handler.RequestData, req: *httpz.Request, res: *httpz.Response) !void {
+ try data.CheckAccess(.editor);
+
const id = req.param("id") orelse {
res.setStatus(.bad_request);
return;
@@ -85,7 +89,9 @@ fn updateRangedWeapon(_: *Handler.RequestData, req: *httpz.Request, res: *httpz.
};
}
-fn deleteRangedWeapon(_: *Handler.RequestData, req: *httpz.Request, res: *httpz.Response) !void {
+fn deleteRangedWeapon(data: *Handler.RequestData, req: *httpz.Request, res: *httpz.Response) !void {
+ try data.CheckAccess(.editor);
+
const id = req.param("id") orelse {
res.setStatus(.bad_request);
return;
@@ -118,7 +124,9 @@ fn getRangedWeaponDescription(_: *Handler.RequestData, req: *httpz.Request, res:
try res.json(desc, .{});
}
-fn setRangedWeaponDescription(_: *Handler.RequestData, req: *httpz.Request, res: *httpz.Response) !void {
+fn setRangedWeaponDescription(data: *Handler.RequestData, req: *httpz.Request, res: *httpz.Response) !void {
+ try data.CheckAccess(.editor);
+
const id = req.param("id") orelse {
res.setStatus(.bad_request);
return;
Rendered by CGit