torsten/trainingstagebuch
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

Enhance permission validation and error handling in permissionController

Browse Source 
Updated the getUserPermissions function to include validation for clubId, ensuring it is a valid positive integer. Added error handling to return a 400 status with a descriptive message for invalid club IDs, improving the robustness of the API response.
This commit is contained in:
Torsten Schulz (local)
2025-11-05 16:33:52 +01:00
parent ad99787f75
commit a0d12a895e
2 changed files with 43 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
backend/controllers/permissionController.js
View File

@@ -8,7 +8,13 @@ export const getUserPermissions = async (req, res) => {
const { clubId } = req.params;
const userId = req.user.id;
const permissions = await permissionService.getUserClubPermissions(userId, parseInt(clubId));
// Validierung: clubId muss eine gültige Zahl sein
const parsedClubId = parseInt(clubId, 10);
if (isNaN(parsedClubId) || parsedClubId <= 0) {
return res.status(400).json({ error: 'Ungültige Club-ID' });
}
const permissions = await permissionService.getUserClubPermissions(userId, parsedClubId);
if (!permissions) {
return res.status(404).json({ error: 'Keine Berechtigungen gefunden' });