From a49b34010fb9c7947240d6f6745291c92c83dfe0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20FAMIBELLE-PRONZOLA?= <c.pronzola@live.fr>
Date: Fri, 25 Mar 2022 08:54:26 +0400
Subject: [PATCH] Secure teks update

---
 api/teks/controllers/teks.js | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/api/teks/controllers/teks.js b/api/teks/controllers/teks.js
index 3f58187..b561106 100644
--- a/api/teks/controllers/teks.js
+++ b/api/teks/controllers/teks.js
@@ -21,6 +21,31 @@ const {parseMultipartData, sanitizeEntity} = require('strapi-utils')
       entity = await strapi.services.teks.create(body)
     }
 
+    return sanitizeEntity(entity, {model: strapi.models.teks})
+  },
+
+  async update(ctx) {
+    const {id} = ctx.params;
+
+    let entity
+
+    const teks = await strapi.query('teks').findOne({
+      id: ctx.params.id,
+      'user.id': ctx.state.user.id,
+      published_at: null
+    })
+
+    if (!teks) {
+      return ctx.unauthorized(`Vous ne pouvez pas mettre à jour cet élément.`)
+    }
+
+    if (ctx.is('multipart')) {
+      const {data} = parseMultipartData(ctx);
+      entity = await strapi.services.teks.update({id}, data)
+    } else {
+      entity = await strapi.services.teks.update({id}, ctx.request.body)
+    }
+
     return sanitizeEntity(entity, {model: strapi.models.teks})
   }
 }