web/auth: middleware respone with 404

2021-09-12 22:41:33 +02:00 · 2021-09-12 22:41:33 +02:00 · 9b2fe62df5
parent ea2ffbc424
commit 9b2fe62df5
1 changed files with 7 additions and 1 deletions
--- a/web/auth/middleware.go
+++ b/web/auth/middleware.go
@ -39,7 +39,7 @@ func MiddlewarePermissionParam(ws *web.Service, obj HasPermission, param string)
 			})
 			c.Abort()
 		}
-		_, err = obj.HasPermission(ws.DB, userID, objID)
+		d, err := obj.HasPermission(ws.DB, userID, objID)
 		if err != nil {
 			c.JSON(http.StatusUnauthorized, web.HTTPError{
 				Message: ErrAPINoPermission.Error(),
@ -47,5 +47,11 @@ func MiddlewarePermissionParam(ws *web.Service, obj HasPermission, param string)
 			})
 			c.Abort()
 		}
+		if d == nil {
+			c.JSON(http.StatusNotFound, web.HTTPError{
+				Message: web.ErrAPINotFound.Error(),
+			})
+			c.Abort()
+		}
 	}
 }