fix: user chat delete loophole

This commit is contained in:
Timothy J. Baek 2024-03-02 00:07:50 -08:00
parent a4c6a8d5a4
commit 74809e7330
3 changed files with 15 additions and 3 deletions

View file

@ -271,6 +271,16 @@ async def delete_all_chat_tags_by_id(id: str, user=Depends(get_current_user)):
@router.delete("/", response_model=bool) @router.delete("/", response_model=bool)
async def delete_all_user_chats(user=Depends(get_current_user)): async def delete_all_user_chats(request: Request, user=Depends(get_current_user)):
if (
user.role == "user"
and not request.app.state.USER_PERMISSIONS["chat"]["deletion"]
):
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
)
result = Chats.delete_chats_by_user_id(user.id) result = Chats.delete_chats_by_user_id(user.id)
return result return result

View file

@ -439,7 +439,7 @@ export const deleteAllChats = async (token: string) => {
return json; return json;
}) })
.catch((err) => { .catch((err) => {
error = err; error = err.detail;
console.log(err); console.log(err);
return null; return null;

View file

@ -75,7 +75,9 @@
const deleteChats = async () => { const deleteChats = async () => {
await goto('/'); await goto('/');
await deleteAllChats(localStorage.token); await deleteAllChats(localStorage.token).catch((error) => {
toast.error(error);
});
await chats.set(await getChatList(localStorage.token)); await chats.set(await getChatList(localStorage.token));
}; };