validate request status before approval

2026-01-28 02:18:43 +00:00 · 2020-05-19 16:23:42 +00:00
parent 6e5d8e602e
commit e9ce2e0713
1 changed files with 5 additions and 1 deletions
--- a/src/requests_api.go
+++ b/src/requests_api.go
@@ -205,6 +205,10 @@ func (e mainEnv) approveUserRequest(w http.ResponseWriter, r *http.Request, ps h
 		userTOKEN = value.(string)
 		event.Record = userTOKEN
 	}
+	if requestInfo["status"].(string) != "open" {
+		returnError(w, r, "wrong status: " + requestInfo["status"].(string), 405, err, event)
+		return
+	}
 	resultJSON, err := e.db.getUser(userTOKEN)
 	if err != nil {
 		returnError(w, r, "internal error", 405, err, event)
@@ -253,7 +257,7 @@ func (e mainEnv) approveUserRequest(w http.ResponseWriter, r *http.Request, ps h
 		lastmodifiedby := "admin"
 		e.db.withdrawConsentRecord(userTOKEN, brief, mode, userTOKEN, lastmodifiedby)
 	}
-	e.db.updateRequestStatus(request, "approve", "")
+	e.db.updateRequestStatus(request, "approved", "")
 	w.Header().Set("Content-Type", "application/json; charset=utf-8")
 	w.WriteHeader(200)
 	fmt.Fprintf(w, `{"status":"ok","result":"done"}`)