This commit is contained in:
parent
2f4747a5de
commit
ef25ebc7bc
|
|
@ -218,7 +218,7 @@ async def update_shout(_, info, shout_id, shout_input=None, publish=False):
|
|||
return {'error': 'shout not found'}
|
||||
if (
|
||||
shout.created_by != author.id
|
||||
and not shout.authors.contains(author.id)
|
||||
and not filter(lambda x: x == author.id, shout.authors)
|
||||
and 'editor' not in roles
|
||||
):
|
||||
return {'error': 'access denied'}
|
||||
|
|
|
|||
|
|
@ -8,7 +8,6 @@ from starlette.exceptions import HTTPException
|
|||
|
||||
from orm.author import Author
|
||||
from services.db import local_session
|
||||
from services.logger import root_logger as logger
|
||||
|
||||
|
||||
class WebhookEndpoint(HTTPEndpoint):
|
||||
|
|
@ -20,7 +19,7 @@ class WebhookEndpoint(HTTPEndpoint):
|
|||
auth = request.headers.get('Authorization')
|
||||
if not auth or auth != os.environ.get('WEBHOOK_SECRET'):
|
||||
raise HTTPException(status_code=401, detail="Invalid Authorization header")
|
||||
logger.debug(data)
|
||||
# logger.debug(data)
|
||||
user = data.get('user')
|
||||
if not isinstance(user, dict):
|
||||
raise HTTPException(status_code=400, detail="User data is not a dictionary")
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user