From a90ef0d6f94dea9968c5b0cc6fb211814b9dc422 Mon Sep 17 00:00:00 2001
From: nebojsajsimic <6024893+nebojsajsimic@users.noreply.github.com>
Date: Wed, 6 Nov 2024 15:04:55 +0100
Subject: [PATCH] Fix #1197 -added user check in controller
---
 backend/src/api/poll/controllers/poll.js | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
diff --git a/backend/src/api/poll/controllers/poll.js b/backend/src/api/poll/controllers/poll.js
index a2bab47..8fb9887 100644
--- a/backend/src/api/poll/controllers/poll.js
+++ b/backend/src/api/poll/controllers/poll.js
@@ -8,6 +8,28 @@ const { createCoreController } = require('@strapi/strapi').factories;
 module.exports = createCoreController('api::poll.poll', ({ strapi }) => ({
+ async create(ctx) {
+ try {
+ const { data } = ctx?.request?.body;
+ const user = ctx?.state?.user;
+ const proposal = await strapi.entityService.findOne("api::proposal.proposal",data.proposal_id);
+ if(user.id.toString() !== proposal.user_id.toString())
+ {
+ return ctx.badRequest(null, 'User is not owner of this proposal');
+ }
+
+ const newPool = await strapi.entityService.create("api::poll.poll",{data:data});
+ return this.transformResponse(newPool);
+ }
+ catch (error) {
+ console.error(error);
+ ctx.status = 500;
+ ctx.body = { error: error, message: error.message };
+ }
+ },
+
+
+
 async update(ctx) {
 const { id } = ctx.params;
 const { data } = ctx?.request?.body;
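Review bot: The ownership check in `create` dereferences `user.id` and `proposal.user_id` without checking that either exists, so an unauthenticated request or an unknown `proposal_id` throws a TypeError and lands in the catch block, which answers 500 and returns the raw `error` object and `error.message` to the client. Missing user, missing proposal and non-owner should each get their own response (401, 404, 403 rather than `badRequest`), and the catch should log the error server-side and return only a generic failure. Separately, `data` goes from the request body straight into `entityService.create`, so an owner of one proposal can set any poll attribute; the body should be sanitized or reduced to an allow-list of fields first. `create` is complete within the hunk, but the body of `update` continues outside it, so it is not visible whether that action carries the same owner check.

```javascript
const user = ctx?.state?.user;
if (!user) {
  return ctx.unauthorized();
}
// … unchanged: findOne on api::proposal.proposal …
if (!proposal) {
  return ctx.notFound();
}
if (String(user.id) !== String(proposal.user_id)) {
  return ctx.forbidden('User is not owner of this proposal');
}
// … unchanged: poll creation and transformResponse …
catch (error) {
  // … unchanged: console.error(error) …
  return ctx.internalServerError();
}
```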