From d0a5c0ec77fe7a35944e43152d2d5fa6063ec6a8 Mon Sep 17 00:00:00 2001
From: bayusamudra5502 <bayusamudra.55.02.com@gmail.com>
Date: Fri, 5 May 2023 00:28:11 +0700
Subject: [PATCH] fix: unsafe change score

---
 repository/quiz/impl.go | 4 ++--
 repository/quiz/type.go | 2 +-
 service/quiz/impl.go    | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/repository/quiz/impl.go b/repository/quiz/impl.go
index b1ffe2a..e4f8c12 100644
--- a/repository/quiz/impl.go
+++ b/repository/quiz/impl.go
@@ -40,10 +40,10 @@ func (q *QuizRepositoryImpl) GetQuizDetail(quizId uuid.UUID) (*quiz.Quiz, error)
 	return result, nil
 }
 
-func (q *QuizRepositoryImpl) UpdateScore(quizId uuid.UUID, score int) error {
+func (q *QuizRepositoryImpl) UpdateScore(email string, quizId uuid.UUID, score int) error {
 	return q.db.
 		Model(&quiz.QuizTake{}).
-		Where("quiz_id = ?", quizId).
+		Where("quiz_id = ? AND email = ?", quizId, email).
 		Updates(quiz.QuizTake{
 			Score:      score,
 			IsFinished: true,
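Review bot: The new filter in UpdateScore, `Where("quiz_id = ? AND email = ?", quizId, email)`, still matches every take this user has for the quiz, including takes that are already finished, so a repeated finish request can overwrite a score that was already recorded. NewTake in the same repository returns a `uuid.UUID`, which looks like a per-take id; keying the update on that id would be the tightest scope. Failing that, the condition could exclude finished rows, e.g. `Where("quiz_id = ? AND email = ? AND is_finished = ?", quizId, email, false)` (column name assumed from the `IsFinished` field, please confirm). The call chain continues past the end of the hunk, so I cannot see whether the affected-row count is checked; an update that matches no row should be returned as an error rather than reported as success.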
diff --git a/repository/quiz/type.go b/repository/quiz/type.go
index 5091ec0..362686b 100644
--- a/repository/quiz/type.go
+++ b/repository/quiz/type.go
@@ -8,7 +8,7 @@ import (
 type QuizRepository interface {
 	GetQuizes(courseId string) ([]quiz.Quiz, error)
 	GetQuizDetail(quizId uuid.UUID) (*quiz.Quiz, error)
-	UpdateScore(quizId uuid.UUID, score int) error
+	UpdateScore(email string, quizId uuid.UUID, score int) error
 	NewTake(quizId uuid.UUID, userEmail string) (uuid.UUID, error)
 	IsUserContributor(id string, email string) (bool, error)
 	NewQuiz(quiz quiz.Quiz) error
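Review bot: The new signature `UpdateScore(email string, quizId uuid.UUID, score int)` puts the user first and calls it `email`, while the neighbouring `NewTake(quizId uuid.UUID, userEmail string)` puts the quiz first and calls it `userEmail`. Matching the existing order and name, `UpdateScore(quizId uuid.UUID, userEmail string, score int) error`, would make the interface harder to call with the arguments swapped. Since the email is now an ownership check, a doc comment on the method would help too, e.g. `// UpdateScore records score for the take of quizId that belongs to userEmail.`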
diff --git a/service/quiz/impl.go b/service/quiz/impl.go
index 6b8bf07..12e0377 100644
--- a/service/quiz/impl.go
+++ b/service/quiz/impl.go
@@ -180,7 +180,7 @@ func (q QuizServiceImpl) DoFinishQuiz(ctx context.Context, quizId uuid.UUID, ema
 		return nil, err
 	}
 
-	err = q.QuizRepository.UpdateScore(quizId, int(score))
+	err = q.QuizRepository.UpdateScore(email, quizId, int(score))
 
 	if err != nil {
 		return nil, err
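Review bot: `email` is now the only value that scopes the score write to one user in `q.QuizRepository.UpdateScore(email, quizId, int(score))`, so where it comes from decides whether this fix holds. DoFinishQuiz starts outside the hunk and its callers are not visible here. If the value is read from the request body or a query parameter rather than from the verified session or token claims, one user could still finish a quiz under another user's address. I would state the requirement on the method, e.g. `// email must be the authenticated caller's address from verified token claims, never client-supplied input.`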
-- 
GitLab