diff --git a/app/routes/pins.py b/app/routes/pins.py
index 94ba1b3..53ddecc 100644
--- a/app/routes/pins.py
+++ b/app/routes/pins.py
@@ -78,11 +78,16 @@ async def list_pins(current_user: User = Depends(get_current_user)):
 )
 async def delete_pin(id: str, current_user: User = Depends(get_current_user)):
 try:
- result = pins_collection.delete_one({"_id": ObjectId(id)})
+ pin = pins_collection.find_one({"_id": ObjectId(id)})
 except bson.errors.InvalidId:
 objectid_misformatted()
- if result.deleted_count == 0:
+ if pin is None:
 raise HTTPException(status_code=404, detail="Pin not found")
-
- return {"message": "Pin deleted"}
\ No newline at end of file
+
+ if pin.get("user_id") != current_user.uid:
+ raise HTTPException(status_code=403, detail="You are not allowed to delete this pin")
+
+ pins_collection.delete_one({"_id": ObjectId(id)})
+
+ return {"message": "Pin deleted"}
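Review bot: The ownership check and the delete are two separate operations, and the final `delete_one` still filters on `_id` alone, so authorization rests entirely on the earlier read. Putting the owner into the write makes the check atomic and keeps the delete safe if the code above it is later refactored: `result = pins_collection.delete_one({"_id": pin["_id"], "user_id": current_user.uid})`, followed by a 404 when `result.deleted_count == 0`. The distinct 403 also tells any authenticated caller that an id exists and belongs to another user; ObjectIds are not designed to be unguessable, so unless the 403 is a deliberate API choice, returning the same 404 for "missing" and "not yours" avoids that existence signal. The code assumes `objectid_misformatted()` raises (it is defined outside the hunk); if it ever returns, `pin` is unbound at `if pin is None`.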