make sure the user owns the modified data

Athou
2013-04-10 22:07:44 +02:00
parent b3edfb955f
commit 013922b96d
4 changed files with 34 additions and 5 deletions


@@ -81,8 +81,14 @@ public class SubscriptionsREST extends AbstractREST {
@GET
@Path("unsubscribe")
public Response unsubscribe(@QueryParam("id") Long subscriptionId) {
feedSubscriptionService.deleteById(subscriptionId);
return Response.ok(Status.OK).build();
FeedSubscription sub = feedSubscriptionService.findById(getUser(),
subscriptionId);
if (sub != null) {
feedSubscriptionService.delete(sub);
return Response.ok(Status.OK).build();
} else {
return Response.status(Status.NOT_FOUND).build();
}
}
@GET
@@ -137,8 +143,19 @@ public class SubscriptionsREST extends AbstractREST {
@GET
@Path("deleteCategory")
public Response deleteCategory(@QueryParam("id") Long id) {
feedCategoryService.deleteById(id);
return Response.ok().build();
FeedCategory cat = feedCategoryService.findById(getUser(), id);
if (cat != null) {
List<FeedSubscription> subs = feedSubscriptionService
.findByCategory(getUser(), cat);
for (FeedSubscription sub : subs) {
sub.setCategory(null);
}
feedSubscriptionService.update(subs);
feedCategoryService.delete(cat);
return Response.ok().build();
} else {
return Response.status(Status.NOT_FOUND).build();
}
}
@POST
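Review bot: `unsubscribe` and `deleteCategory` still perform deletions in response to `@GET`, so the new ownership lookup stops one user from touching another user's rows, but a cross-site or prefetched request can still make the logged-in user delete their own subscription or category. If the session is carried by credentials the browser attaches automatically (not visible on this page), change both annotations to `@POST` (or `@DELETE`) and update the callers. Both handlers also pass the `@QueryParam` `Long` straight to `findById`, so a missing `id` arrives as null; whether `findById(getUser(), null)` returns null or throws depends on service code outside this page, and a guard such as `if (id == null) return Response.status(Status.BAD_REQUEST).build();` would make that case predictable. Returning `NOT_FOUND` for both missing and foreign ids is worth keeping, since it does not reveal which ids exist.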