From 9b2fe62df5360b723d29fa9ebb5c7c000ad07db2 Mon Sep 17 00:00:00 2001
From: Geno <geno+dev@fireorbit.de>
Date: Sun, 12 Sep 2021 22:41:33 +0200
Subject: [PATCH] web/auth: middleware respone with 404

---
 web/auth/middleware.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/web/auth/middleware.go b/web/auth/middleware.go
index bd8916b..046e389 100644
--- a/web/auth/middleware.go
+++ b/web/auth/middleware.go
@@ -39,7 +39,7 @@ func MiddlewarePermissionParam(ws *web.Service, obj HasPermission, param string)
 			})
 			c.Abort()
 		}
-		_, err = obj.HasPermission(ws.DB, userID, objID)
+		d, err := obj.HasPermission(ws.DB, userID, objID)
 		if err != nil {
 			c.JSON(http.StatusUnauthorized, web.HTTPError{
 				Message: ErrAPINoPermission.Error(),
@@ -47,5 +47,11 @@ func MiddlewarePermissionParam(ws *web.Service, obj HasPermission, param string)
 			})
 			c.Abort()
 		}
+		if d == nil {
+			c.JSON(http.StatusNotFound, web.HTTPError{
+				Message: web.ErrAPINotFound.Error(),
+			})
+			c.Abort()
+		}
 	}
 }