Merge pull request #10 from IntersectMBO/bugFix-1197

Fix #1197 -added user check in controller
IntersectMBO · Nov 6, 2024 · 37764fe · 37764fe
2 parents a20c9de + a90ef0d
commit 37764fe
Showing 1 changed file with 22 additions and 0 deletions.
diff --git a/backend/src/api/poll/controllers/poll.js b/backend/src/api/poll/controllers/poll.js
@@ -8,6 +8,28 @@
 const { createCoreController } = require('@strapi/strapi').factories;
 
 module.exports = createCoreController('api::poll.poll', ({ strapi }) => ({
+	async create(ctx) {
+		try {
+		const { data } = ctx?.request?.body;
+		const user = ctx?.state?.user;
+		const proposal = await strapi.entityService.findOne("api::proposal.proposal",data.proposal_id);
+		if(user.id.toString() !== proposal.user_id.toString())
+		{
+			return ctx.badRequest(null, 'User is not owner of this proposal');
+		}
+
+		const newPool = await strapi.entityService.create("api::poll.poll",{data:data});
+		return this.transformResponse(newPool);
+		}
+		catch (error) {
+			console.error(error);
+			ctx.status = 500;
+			ctx.body = { error: error, message: error.message };
+		}
+	},
+
+
+
 	async update(ctx) {
 		const { id } = ctx.params;
 		const { data } = ctx?.request?.body;