|
|
|
@ -48,9 +48,9 @@ def check_image_permissions(image_id: str, current_user: User):
|
|
|
|
if not image:
|
|
|
|
if not image:
|
|
|
|
raise HTTPException(status_code=404, detail="Image not found")
|
|
|
|
raise HTTPException(status_code=404, detail="Image not found")
|
|
|
|
|
|
|
|
|
|
|
|
# Si l'image n'est pas associée à un pin, n'importe qui peut y accéder
|
|
|
|
# Si l'image n'est pas associée à un pin, personne ne peut y accéder
|
|
|
|
if not image.get("pin_id"):
|
|
|
|
if not image.get("pin_id"):
|
|
|
|
return image
|
|
|
|
raise HTTPException(status_code=403, detail="Image is not associated with any pin")
|
|
|
|
|
|
|
|
|
|
|
|
# Récupérer le pin associé
|
|
|
|
# Récupérer le pin associé
|
|
|
|
pin = pins_collection.find_one({"_id": ObjectId(image["pin_id"])})
|
|
|
|
pin = pins_collection.find_one({"_id": ObjectId(image["pin_id"])})
|
|
|
|
@ -165,7 +165,7 @@ async def add_image(
|
|
|
|
|
|
|
|
|
|
|
|
@images_router.get(
|
|
|
|
@images_router.get(
|
|
|
|
path="/{id}",
|
|
|
|
path="/{id}",
|
|
|
|
responses={401: {"model": HTTPError}, 404: {"model": HTTPError}}
|
|
|
|
responses={401: {"model": HTTPError}, 403: {"model": HTTPError}, 404: {"model": HTTPError}}
|
|
|
|
)
|
|
|
|
)
|
|
|
|
async def get_image(id: str, current_user: User = Depends(get_current_user)):
|
|
|
|
async def get_image(id: str, current_user: User = Depends(get_current_user)):
|
|
|
|
image = check_image_permissions(id, current_user)
|
|
|
|
image = check_image_permissions(id, current_user)
|
|
|
|
|
