Update app.py
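--- a/app.py
+++ b/app.py
@@ -129,6 +129,12 @@ async def edit_recipe(request: Request, id: str, update: RecipeUpdate):
 if not update_dict:
 raise HTTPException(status_code=400, detail="No fields provided to update.")
 
+# Check ownership
+ownership_check = supabase.table("recipes").select("user_id").eq("id", id).single().execute()
+if ownership_check.data["user_id"] != update.user_id:
+raise HTTPException(status_code=403, detail="You are not authorized to edit this recipe.")
+
+
 # Make the update
 response = supabase.table("recipes").update(update_dict).eq("id", id).execute()
 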
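Review bot: The ownership check on new line 134 compares the stored `user_id` with `update.user_id`, which is a field of the request body (`RecipeUpdate`) and so is chosen by the caller; a client that supplies the owner's id passes the check without being that user. The identity should come from the authenticated session or verified token carried by `request` (how authentication is done is not visible in this hunk), e.g. `if ownership_check.data["user_id"] != current_user_id:` with `current_user_id` a placeholder for the server-verified id, and the write should be scoped the same way with `.eq("user_id", current_user_id)` so the check and the update cannot diverge. If `update_dict` can contain `user_id` (it is built above the hunk), that key should be excluded so an edit cannot reassign ownership. Separately, `.single()` raises when no row matches, so an unknown `id` probably surfaces as a 500 rather than a 404; `.maybe_single()` with an explicit no-row check would cover that. `edit_recipe` starts and ends outside the hunk.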