diff --git a/src/routers/sources.py b/src/routers/sources.py
index 1cebb8e..c512ab1 100644
--- a/src/routers/sources.py
+++ b/src/routers/sources.py
@@ -310,7 +310,7 @@ async def block_domain(
 )
 cursor = await db.execute(
- "UPDATE sources SET status = 'inactive' WHERE LOWER(domain) = ? AND source_type != 'excluded' AND (tenant_id IS NULL OR tenant_id = ?)",
+ "UPDATE sources SET status = 'inactive' WHERE LOWER(domain) = ? AND source_type != 'excluded' AND tenant_id = ?",
 (domain, tenant_id),
 )
 feeds_deactivated = cursor.rowcount
@@ -364,11 +364,11 @@ async def unblock_domain(
 if has_feeds:
 await db.execute(
- "DELETE FROM sources WHERE LOWER(domain) = ? AND source_type = 'excluded' AND (tenant_id IS NULL OR tenant_id = ?)",
+ "DELETE FROM sources WHERE LOWER(domain) = ? AND source_type = 'excluded' AND tenant_id = ?",
 (domain, tenant_id),
 )
 cursor = await db.execute(
- "UPDATE sources SET status = 'active' WHERE LOWER(domain) = ? AND source_type != 'excluded' AND (tenant_id IS NULL OR tenant_id = ?)",
+ "UPDATE sources SET status = 'active' WHERE LOWER(domain) = ? AND source_type != 'excluded' AND tenant_id = ?",
 (domain, tenant_id),
 )
 feeds_reactivated = cursor.rowcount
@@ -495,6 +495,9 @@ async def update_source(
 if not row:
 raise HTTPException(status_code=404, detail="Quelle nicht gefunden")
+ if row["tenant_id"] is None:
+ raise HTTPException(status_code=403, detail="Grundquellen koennen nur ueber die Verwaltung bearbeitet werden")
+
 _check_source_ownership(dict(row), current_user["username"])
 updates = {}
@@ -532,6 +535,9 @@ async def delete_source(
 if not row:
 raise HTTPException(status_code=404, detail="Quelle nicht gefunden")
+ if row["tenant_id"] is None:
+ raise HTTPException(status_code=403, detail="Grundquellen koennen nicht geloescht werden")
+
 _check_source_ownership(dict(row), current_user["username"])
 await db.execute("DELETE FROM sources WHERE id = ?", (source_id,))
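Review bot: In block_domain, and in the two statements of unblock_domain changed the same way, the new predicate `tenant_id = ?` matches no row when the bound `tenant_id` is None, because SQL does not treat NULL as equal to anything. If a caller without a tenant can reach these handlers (not visible in the hunks), the request would report `feeds_deactivated` or `feeds_reactivated` as 0 and look successful; a guard before the statements, `if tenant_id is None: raise HTTPException(status_code=403, detail=...)`, would surface that case. The reason for the narrower predicate also deserves a comment above each statement, for example `# Tenant-scoped only: rows with tenant_id IS NULL are base sources and must not be changed from a tenant request.` Both functions start and end outside their hunks.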
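Review bot: The `row["tenant_id"] is None` guard is written out twice, here in update_source and again in delete_source, so a later write handler in this router can leave it out without anything failing. Folding it into `_check_source_ownership` (its body is not shown) or into one small helper called by both handlers, for example `_require_tenant_source(row)`, would keep the rule in a single place. The SELECT that produces `row` lies outside the hunk, so confirm that it returns the `tenant_id` column; otherwise the subscript raises and the request ends in a 500 instead of the intended 403. A test that sends an update and a delete for a base source and expects 403 would pin the behaviour.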
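Review bot: The closing `DELETE FROM sources WHERE id = ?` in delete_source is keyed on the id alone, so tenant isolation rests entirely on the Python checks that run before it. `_check_source_ownership` is passed only the username, and whether it compares the caller's tenant with `row["tenant_id"]` cannot be seen from this hunk. Scoping the write itself, `"DELETE FROM sources WHERE id = ? AND tenant_id = ?"` with the caller's tenant id bound as in block_domain, would keep base sources and other tenants' rows out of reach even if the row changes between the SELECT and the DELETE. Whether delete_source has that tenant id in scope is not visible here, and the function body continues outside the hunk.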