Commit 76cbe126 authored by Yechang's avatar Yechang
Browse files

feat(user): forbid invalid access

parent e1a8afc3

src/routes/(with-session)/(with-class)/submission/[submissionId=integer]/+page.server.ts

+10 −1
Original line number Diff line number Diff line
@@ -5,8 +5,10 @@ import { signDownloadRequest } from '$lib/server/storage'; 
import { error, redirect, type Actions, type ServerLoad } from '@sveltejs/kit';

import _ from 'lodash';

import { z } from 'zod';

import type { PageParentData, PageServerLoad } from './$types';



export const load: PageServerLoad = async ({ params, locals, parent }) => {



export const load: ServerLoad = async ({ params }) => {

	const id = _.toNumber(params.submissionId);

	const s = await db.submission.findUnique({

		where: { id },
@@ -27,6 +29,13 @@ export const load: ServerLoad = async ({ params }) => { 
			message: 'Not found'

		});

	}

	const parentData: PageParentData = await parent()

	const { currentClass } = parentData

	if (currentClass.role === 'STUDENT' && s.id !== locals.user?.id) {

		error(403, {

			message: 'You should not be here'

		});

	}



	const files = await db.file.findMany({

		where: {

CRA Git | Maintained and supported by SUSTech CRA and CCSE