fixing security query in live action

2020-12-09 12:37:20 +01:00 · 2020-12-09 12:37:20 +01:00 · 634806ec1c
parent eaa20b4302
commit 634806ec1c
1 changed files with 4 additions and 4 deletions
--- a/ereuse_devicehub/resources/action/views.py
+++ b/ereuse_devicehub/resources/action/views.py
@ -237,12 +237,12 @@ class ActionView(View):
    def live(self, snapshot):
        """If the device.allocated == True, then this snapshot create an action live."""
        device = snapshot.get('device')  # type: Computer
-        # TODO @cayop dependency of pulls 85 and 83
-        # if the pr/85 and pr/83 is merged, then you need change this way for get the device
-        if not device.hid or not Device.query.filter(Device.hid==device.hid).count():
+        # TODO @cayop dependency of pulls 85
+        # if the pr/85 is merged, then you need change this way for get the device
+        if not device.hid or not Device.query.filter(Device.hid==device.hid, owner_id=g.user.id).count():
            return None

-        device = Device.query.filter(Device.hid==device.hid).one()
+        device = Device.query.filter(Device.hid==device.hid, owner_id=g.user.id).one()

        if not device.allocated:
            return None