Fixed user can download their own files

2020-11-28 23:08:07 +01:00
parent d73b63d85d
commit ed6d23c536
5 changed files with 33 additions and 20 deletions
--- a/src/utils/common_queries.py
+++ b/src/utils/common_queries.py
@@ -0,0 +1,15 @@
+from flask_security import current_user
+from models import db, Purchase, Item
+
+
+def user_can_access_caff(item: Item) -> bool:
+    if not current_user.is_authenticated:
+        return False
+    else:
+
+        if item.uploader == current_user:
+            return True
+        else:
+            p = Purchase.query.filter(
+                db.and_(Purchase.purchaser_id == current_user.id, Purchase.item_id == item.id)).first()
+            return bool(p)