refactor: reorder checks before allowing edit of tt metadata

check if requester owns the tt before logical checks
crux-bphc · Dec 29, 2023 · 91ae517 · 91ae517
1 parent 70aa163
commit 91ae517
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/backend/src/controllers/timetable/editTimetableMetadata.ts b/backend/src/controllers/timetable/editTimetableMetadata.ts
@@ -73,6 +73,10 @@ export const editTimetableMetadata = async (req: Request, res: Response) => {
     return res.status(404).json({ message: "timetable not found" });
   }
 
+  if (timetable.authorId !== author.id) {
+    return res.status(403).json({ message: "user does not own timetable" });
+  }
+
   if (
     timetable.draft &&
     timetable.sections.length === 0 &&
@@ -92,10 +96,6 @@ export const editTimetableMetadata = async (req: Request, res: Response) => {
     });
   }
 
-  if (timetable.authorId !== author.id) {
-    return res.status(403).json({ message: "user does not own timetable" });
-  }
-
   try {
     await timetableRepository
       .createQueryBuilder("timetable")