From e6d5aeb8f6641034b4b9b3dd4338a0502f3cf6ed Mon Sep 17 00:00:00 2001
From: ZhuangYumin <zhuangyumin@sjtu.edu.cn>
Date: Thu, 14 Dec 2023 06:51:28 +0000
Subject: [PATCH] fix: add previlige check for passwd

---
 backend/src/engine.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/backend/src/engine.cpp b/backend/src/engine.cpp
index 1e00162..4e7e43c 100644
--- a/backend/src/engine.cpp
+++ b/backend/src/engine.cpp
@@ -169,7 +169,10 @@ std::vector<std::string> BookStoreEngineClass::ExecutePasswd(
   if (!CommandPasswdLexer(cmd, user_id, current_password, new_password))
     return std::vector<std::string>({"Invalid"});
   // debugPrint("sucessfully lexed passwd");
-  if (user_data_base.GetPrevilege(user_id) < 1)
+  if (user_data_base.GetPrevilege(user_id) == -1)
+    return std::vector<std::string>({"Invalid"});
+  if (login_stack.empty() ||
+      user_data_base.GetPrevilege(login_stack.top().first) < 1)
     return std::vector<std::string>({"Invalid"});
   // debugPrint("begin checing authority");
   if (login_stack.size() > 0 &&