diff options
| author | 2022-02-11 00:12:58 +0400 | |
|---|---|---|
| committer | 2022-02-11 00:12:58 +0400 | |
| commit | 10080f8f30fc29fca259347a7747cd27ab4c04ff (patch) | |
| tree | 362608affc7d10837c5bcb715ebefd0fbafe4d1b | |
| parent | Use HTTPException To Propagate Access Failures (diff) | |
Ensure Form Existence Is Always Checked
Signed-off-by: Hassan Abouelela <[email protected]>
| -rw-r--r-- | backend/discord.py | 8 | 
1 files changed, 4 insertions, 4 deletions
| diff --git a/backend/discord.py b/backend/discord.py index 856e878..70532bf 100644 --- a/backend/discord.py +++ b/backend/discord.py @@ -164,15 +164,15 @@ async def _verify_access_helper(      form_id: str, request: starlette.requests.Request, attribute: str  ) -> None:      """A low level helper to validate access to a form resource based on the user's scopes.""" -    # Short circuit all resources for admins -    if "admin" in request.auth.scopes: -        return -      form = await request.state.db.forms.find_one({"id": form_id})      if not form:          raise FormNotFoundError(status_code=404) +    # Short circuit all resources for admins +    if "admin" in request.auth.scopes: +        return +      form = models.Form(**form)      for role_id in getattr(form, attribute) or []: | 
