updated logic to get filter/dashboard based on user_id and filer_id/dashboard_id

Author: nikhilsinhaparseable

server/src/handlers/http/users/dashboards.rs

@@ -38,12 +38,13 @@ pub async fn list(req: HttpRequest) -> Result<impl Responder, DashboardError> {
 }
 
 pub async fn get(req: HttpRequest) -> Result<impl Responder, DashboardError> {
+    let user_id = get_user_from_request(&req)?;
     let dashboard_id = req
         .match_info()
         .get("dashboard_id")
         .ok_or(DashboardError::Metadata("No Dashboard Id Provided"))?;
 
-    if let Some(dashboard) = DASHBOARDS.get_dashboard(dashboard_id) {
+    if let Some(dashboard) = DASHBOARDS.get_dashboard(dashboard_id, &get_hash(&user_id)) {
         return Ok((web::Json(dashboard), StatusCode::OK));
     }
 
@@ -79,7 +80,10 @@ pub async fn update(req: HttpRequest, body: Bytes) -> Result<impl Responder, Das
         .match_info()
         .get("dashboard_id")
         .ok_or(DashboardError::Metadata("No Dashboard Id Provided"))?;
-    if DASHBOARDS.get_dashboard(dashboard_id).is_none() {
+    if DASHBOARDS
+        .get_dashboard(dashboard_id, &get_hash(&user_id))
+        .is_none()
+    {
         return Err(DashboardError::Metadata("Dashboard does not exist"));
     }
     let mut dashboard: Dashboard = serde_json::from_slice(&body)?;
@@ -109,6 +113,12 @@ pub async fn delete(req: HttpRequest) -> Result<HttpResponse, DashboardError> {
         .match_info()
         .get("dashboard_id")
         .ok_or(DashboardError::Metadata("No Dashboard Id Provided"))?;
+    if DASHBOARDS
+        .get_dashboard(dashboard_id, &get_hash(&user_id))
+        .is_none()
+    {
+        return Err(DashboardError::Metadata("Dashboard does not exist"));
+    }
     let path = dashboard_path(&user_id, &format!("{}.json", dashboard_id));
     let store = CONFIG.storage().get_object_store();
     store.delete_object(&path).await?;

server/src/handlers/http/users/filters.rs

@@ -36,12 +36,13 @@ pub async fn list(req: HttpRequest) -> Result<impl Responder, FiltersError> {
 }
 
 pub async fn get(req: HttpRequest) -> Result<impl Responder, FiltersError> {
+    let user_id = get_user_from_request(&req)?;
     let filter_id = req
         .match_info()
         .get("filter_id")
         .ok_or(FiltersError::Metadata("No Filter Id Provided"))?;
 
-    if let Some(filter) = FILTERS.get_filter(filter_id) {
+    if let Some(filter) = FILTERS.get_filter(filter_id, &get_hash(&user_id)) {
         return Ok((web::Json(filter), StatusCode::OK));
     }
 
@@ -76,7 +77,7 @@ pub async fn update(req: HttpRequest, body: Bytes) -> Result<HttpResponse, Filte
         .match_info()
         .get("filter_id")
         .ok_or(FiltersError::Metadata("No Filter Id Provided"))?;
-    if FILTERS.get_filter(filter_id).is_none() {
+    if FILTERS.get_filter(filter_id, &get_hash(&user_id)).is_none() {
         return Err(FiltersError::Metadata("Filter does not exist"));
     }
     let mut filter: Filter = serde_json::from_slice(&body)?;
@@ -104,7 +105,7 @@ pub async fn delete(req: HttpRequest) -> Result<HttpResponse, FiltersError> {
         .get("filter_id")
         .ok_or(FiltersError::Metadata("No Filter Id Provided"))?;
     let filter = FILTERS
-        .get_filter(filter_id)
+        .get_filter(filter_id, &get_hash(&user_id))
         .ok_or(FiltersError::Metadata("Filter does not exist"))?;
 
     let path = filter_path(

server/src/users/dashboards.rs

@@ -143,12 +143,15 @@ impl Dashboards {
         s.retain(|d| d.dashboard_id != Some(dashboard_id.to_string()));
     }
 
-    pub fn get_dashboard(&self, dashboard_id: &str) -> Option<Dashboard> {
+    pub fn get_dashboard(&self, dashboard_id: &str, user_id: &str) -> Option<Dashboard> {
         self.0
             .read()
             .expect(LOCK_EXPECT)
             .iter()
-            .find(|d| d.dashboard_id == Some(dashboard_id.to_string()))
+            .find(|d| {
+                d.dashboard_id == Some(dashboard_id.to_string())
+                    && d.user_id == Some(user_id.to_string())
+            })
             .cloned()
     }
 
@@ -157,7 +160,7 @@ impl Dashboards {
             .read()
             .expect(LOCK_EXPECT)
             .iter()
-            .filter(|d| d.user_id.as_ref().unwrap() == user_id)
+            .filter(|d| d.user_id == Some(user_id.to_string()))
             .cloned()
             .collect()
     }

server/src/users/filters.rs

@@ -130,12 +130,14 @@ impl Filters {
         s.retain(|f| f.filter_id != Some(filter_id.to_string()));
     }
 
-    pub fn get_filter(&self, filter_id: &str) -> Option<Filter> {
+    pub fn get_filter(&self, filter_id: &str, user_id: &str) -> Option<Filter> {
         self.0
             .read()
             .expect(LOCK_EXPECT)
             .iter()
-            .find(|f| f.filter_id == Some(filter_id.to_string()))
+            .find(|f| {
+                f.filter_id == Some(filter_id.to_string()) && f.user_id == Some(user_id.to_string())
+            })
             .cloned()
     }
 
@@ -144,7 +146,7 @@ impl Filters {
             .read()
             .expect(LOCK_EXPECT)
             .iter()
-            .filter(|f| f.user_id.as_ref().unwrap() == user_id)
+            .filter(|f| f.user_id == Some(user_id.to_string()))
             .cloned()
             .collect()
     }