Add Access Control for Edit-Recipe Tab (#15)

Currently, everybody can edit all recipes to their liking. This commit should move the edit recipe router (and with that the edit recipe API) to the Authenticated Layer.
TrueDoctor · Apr 4, 2024 · 25217e5 · 25217e5
1 parent 58ba80c
commit 25217e5
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/backend/src/frontend/recipes_tab.rs b/backend/src/frontend/recipes_tab.rs
@@ -19,6 +19,7 @@ pub(crate) fn recipes_router() -> axum::Router<MyAppState> {
             "/delete_nqa/:recipe_id",
             axum::routing::delete(delete_recipe_nqa),
         )
+        .nest("/edit/", recipes_edit_tab::recipes_edit_router())
         .route_layer(RequireAuthorizationLayer::<i64, User>::login_or_redirect(
             Arc::new(LOGIN_URL.into()),
             None,
@@ -34,7 +35,6 @@ pub(crate) fn recipes_router() -> axum::Router<MyAppState> {
             axum::routing::get(export_recipe_pdf),
         )
         .route("/", axum::routing::get(recipes_view))
-        .nest("/edit/", recipes_edit_tab::recipes_edit_router())
 }
 
 #[derive(Deserialize)]