From 646b92285d6ccb9cb8ad91ec13fc8c5afa5fb741 Mon Sep 17 00:00:00 2001
From: luchenqun <luchenqun@qq.com>
Date: Sun, 21 Apr 2019 09:45:49 +0800
Subject: [PATCH] forbid del bookmarks for others

---
 routes/api.js | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/routes/api.js b/routes/api.js
index 451b736..3686278 100644
--- a/routes/api.js
+++ b/routes/api.js
@@ -312,7 +312,18 @@ api.delete('/delBookmark', function(req, res) {
         return;
     }
     var bookmarkId = req.query.id;
-    db.delBookmarkTags(bookmarkId)
+    var userId = req.session.user.id;
+    db.getBookmark(bookmarkId)
+        .then((bookmark) => {
+            if(bookmark.user_id === userId) {
+                return db.delBookmarkTags(bookmarkId);
+            } else {
+                res.json({
+                    result: 0
+                });
+                return Promise.reject("can not del others bookmark");
+            }
+        })
         .then(() => db.delBookmark(bookmarkId))
         .then((affectedRows) => res.json({
             result: affectedRows