author | 2022-02-11 00:12:58 +0400 | |
---|---|---|
committer | 2022-02-11 00:12:58 +0400 | |
commit | 10080f8f30fc29fca259347a7747cd27ab4c04ff (patch) | |
tree | 362608affc7d10837c5bcb715ebefd0fbafe4d1b | |
parent | Use HTTPException To Propagate Access Failures (diff) |
Ensure Form Existence Is Always Checked
Signed-off-by: Hassan Abouelela <[email protected]>
-rw-r--r-- | backend/discord.py | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/backend/discord.py b/backend/discord.py
index 856e878..70532bf 100644
--- a/backend/discord.py
+++ b/backend/discord.py
@@ -164,15 +164,15 @@ async def _verify_access_helper(
 form_id: str, request: starlette.requests.Request, attribute: str
 ) -> None:
 """A low level helper to validate access to a form resource based on the user's scopes."""
- # Short circuit all resources for admins
- if "admin" in request.auth.scopes:
- return
-
 form = await request.state.db.forms.find_one({"id": form_id})
 if not form:
 raise FormNotFoundError(status_code=404)
+ # Short circuit all resources for admins
+ if "admin" in request.auth.scopes:
+ return
+
 form = models.Form(**form)
 for role_id in getattr(form, attribute) or []: |
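Review bot: The `if not form: raise FormNotFoundError(status_code=404)` check now runs ahead of every authorization decision, so a caller who would fail the role loop further down can still tell an existing form ID from a missing one by the status code alone. If form IDs are meant to be discoverable that is acceptable, but the ordering should be stated next to the lookup, e.g. `# 404 is returned before any access check; form existence is not treated as secret.` If they are not meant to be discoverable, the not-found and access-denied paths should produce the same response for non-admin callers. The role loop and whatever it raises continue past the end of the hunk, so this is inferred from the visible lines only.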