summaryrefslogtreecommitdiff
path: root/backend/src/API
diff options
context:
space:
mode:
Diffstat (limited to 'backend/src/API')
-rw-r--r--backend/src/API/WeaponsAPI.zig16
1 files changed, 12 insertions, 4 deletions
diff --git a/backend/src/API/WeaponsAPI.zig b/backend/src/API/WeaponsAPI.zig
index 7c8d72a..101c436 100644
--- a/backend/src/API/WeaponsAPI.zig
+++ b/backend/src/API/WeaponsAPI.zig
@@ -42,7 +42,9 @@ fn getRangedWeaponById(_: *Handler.RequestData, req: *httpz.Request, res: *httpz
try res.json(found, .{});
}
-fn newRangedWeapon(_: *Handler.RequestData, req: *httpz.Request, res: *httpz.Response) !void {
+fn newRangedWeapon(data: *Handler.RequestData, req: *httpz.Request, res: *httpz.Response) !void {
+ try data.CheckAccess(.editor);
+
var body = try req.json(model.RequestBody) orelse {
res.setStatus(.bad_request);
return;
@@ -63,7 +65,9 @@ fn newRangedWeapon(_: *Handler.RequestData, req: *httpz.Request, res: *httpz.Res
res.setStatus(.created);
}
-fn updateRangedWeapon(_: *Handler.RequestData, req: *httpz.Request, res: *httpz.Response) !void {
+fn updateRangedWeapon(data: *Handler.RequestData, req: *httpz.Request, res: *httpz.Response) !void {
+ try data.CheckAccess(.editor);
+
const id = req.param("id") orelse {
res.setStatus(.bad_request);
return;
@@ -85,7 +89,9 @@ fn updateRangedWeapon(_: *Handler.RequestData, req: *httpz.Request, res: *httpz.
};
}
-fn deleteRangedWeapon(_: *Handler.RequestData, req: *httpz.Request, res: *httpz.Response) !void {
+fn deleteRangedWeapon(data: *Handler.RequestData, req: *httpz.Request, res: *httpz.Response) !void {
+ try data.CheckAccess(.editor);
+
const id = req.param("id") orelse {
res.setStatus(.bad_request);
return;
@@ -118,7 +124,9 @@ fn getRangedWeaponDescription(_: *Handler.RequestData, req: *httpz.Request, res:
try res.json(desc, .{});
}
-fn setRangedWeaponDescription(_: *Handler.RequestData, req: *httpz.Request, res: *httpz.Response) !void {
+fn setRangedWeaponDescription(data: *Handler.RequestData, req: *httpz.Request, res: *httpz.Response) !void {
+ try data.CheckAccess(.editor);
+
const id = req.param("id") orelse {
res.setStatus(.bad_request);
return;
Rendered by CGit