alex/voyage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(adventure): enhance collection ownership validation in AdventureSerializer (#723)

Browse Source
This commit is contained in:
Sean Morley
2025-07-09 23:03:48 -04:00
committed by GitHub
parent cadea118d3
commit 4e96e529f4
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
backend/server/adventures/serializers.py
View File

@@ -128,7 +128,7 @@ class AdventureSerializer(CustomModelSerializer):
user = self.context['request'].user user = self.context['request'].user
for collection in collections: for collection in collections:
if collection.user_id != user: if collection.user_id != user and not collection.shared_with.filter(id=user.id).exists():
raise serializers.ValidationError( raise serializers.ValidationError(
f"Collection '{collection.name}' does not belong to the current user." f"Collection '{collection.name}' does not belong to the current user."
) )