fix(03): CR-01 WR-01 WR-02 add color to UpdateTablo and user_id filters to GetTabloByID/DeleteTablo
- UpdateTablo SQL: add color = \$4 so color is preserved across title/description edits - GetTabloByID SQL: add AND user_id = \$2 to push ownership enforcement into the DB layer - DeleteTablo SQL: add AND user_id = \$2 to push authorization into the DB layer - sqlc bindings regenerated (UpdateTabloParams+Color, GetTabloByIDParams, DeleteTabloParams) Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Arthur Belleville
parent
7b945652d3
commit
fc41883b1f
1 changed files with 3 additions and 3 deletions
|
|
@ -7,7 +7,7 @@ ORDER BY created_at DESC;
|
||||||
-- name: GetTabloByID :one
|
-- name: GetTabloByID :one
|
||||||
SELECT id, user_id, title, description, color, created_at, updated_at
|
SELECT id, user_id, title, description, color, created_at, updated_at
|
||||||
FROM tablos
|
FROM tablos
|
||||||
WHERE id = $1;
|
WHERE id = $1 AND user_id = $2;
|
||||||
|
|
||||||
-- name: InsertTablo :one
|
-- name: InsertTablo :one
|
||||||
INSERT INTO tablos (user_id, title, description, color)
|
INSERT INTO tablos (user_id, title, description, color)
|
||||||
|
|
@ -16,9 +16,9 @@ RETURNING id, user_id, title, description, color, created_at, updated_at;
|
||||||
|
|
||||||
-- name: UpdateTablo :one
|
-- name: UpdateTablo :one
|
||||||
UPDATE tablos
|
UPDATE tablos
|
||||||
SET title = $2, description = $3, updated_at = now()
|
SET title = $2, description = $3, color = $4, updated_at = now()
|
||||||
WHERE id = $1
|
WHERE id = $1
|
||||||
RETURNING id, user_id, title, description, color, created_at, updated_at;
|
RETURNING id, user_id, title, description, color, created_at, updated_at;
|
||||||
|
|
||||||
-- name: DeleteTablo :exec
|
-- name: DeleteTablo :exec
|
||||||
DELETE FROM tablos WHERE id = $1;
|
DELETE FROM tablos WHERE id = $1 AND user_id = $2;
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue