acquire write lock for save dashboard

nikhilsinhaparseable · nikhilsinhaparseable · commit 155e18eae94a · 2025-07-06T23:24:34.000-07:00
diff --git a/src/cli.rs b/src/cli.rs
@@ -451,7 +451,7 @@ pub struct Options {
         help = "Object store sync threshold in seconds"
     )]
     pub object_store_sync_threshold: u64,
-    // the oidc scope 
+    // the oidc scope
     #[arg(
         long = "oidc-scope",
         name = "oidc-scope",
diff --git a/src/handlers/http/oidc.rs b/src/handlers/http/oidc.rs
@@ -77,7 +77,13 @@ pub async fn login(
     let session_key = extract_session_key_from_req(&req).ok();
     let (session_key, oidc_client) = match (session_key, oidc_client) {
         (None, None) => return Ok(redirect_no_oauth_setup(query.redirect.clone())),
-        (None, Some(client)) => return Ok(redirect_to_oidc(query, client, PARSEABLE.options.scope.to_string().as_str())),
+        (None, Some(client)) => {
+            return Ok(redirect_to_oidc(
+                query,
+                client,
+                PARSEABLE.options.scope.to_string().as_str(),
+            ))
+        }
         (Some(session_key), client) => (session_key, client),
     };
     // try authorize
@@ -113,7 +119,11 @@ pub async fn login(
             } else {
                 Users.remove_session(&key);
                 if let Some(oidc_client) = oidc_client {
-                    redirect_to_oidc(query, oidc_client, PARSEABLE.options.scope.to_string().as_str())
+                    redirect_to_oidc(
+                        query,
+                        oidc_client,
+                        PARSEABLE.options.scope.to_string().as_str(),
+                    )
                 } else {
                     redirect_to_client(query.redirect.as_str(), None)
                 }
diff --git a/src/users/dashboards.rs b/src/users/dashboards.rs
@@ -206,17 +206,7 @@ impl Dashboards {
             .dashboard_id
             .ok_or(DashboardError::Metadata("Dashboard ID must be provided"))?;
 
-        // ensure the dashboard has unique title
-        let dashboards = self.0.read().await;
-        let has_duplicate = dashboards
-            .iter()
-            .any(|d| d.title == dashboard.title && d.dashboard_id != dashboard.dashboard_id);
-
-        if has_duplicate {
-            return Err(DashboardError::Metadata("Dashboard title must be unique"));
-        }
         let path = dashboard_path(user_id, &format!("{dashboard_id}.json"));
-
         let store = PARSEABLE.storage.get_object_store();
         let dashboard_bytes = serde_json::to_vec(&dashboard)?;
         store
@@ -237,8 +227,19 @@ impl Dashboards {
         dashboard.created = Some(Utc::now());
         dashboard.set_metadata(user_id, None);
 
+        let mut dashboards = self.0.write().await;
+
+        let has_duplicate = dashboards
+            .iter()
+            .any(|d| d.title == dashboard.title && d.dashboard_id != dashboard.dashboard_id);
+
+        if has_duplicate {
+            return Err(DashboardError::Metadata("Dashboard title must be unique"));
+        }
+
         self.save_dashboard(user_id, dashboard).await?;
-        self.0.write().await.push(dashboard.clone());
+
+        dashboards.push(dashboard.clone());
 
         Ok(())
     }
@@ -252,16 +253,32 @@ impl Dashboards {
         dashboard_id: Ulid,
         dashboard: &mut Dashboard,
     ) -> Result<(), DashboardError> {
-        let existing_dashboard = self
-            .ensure_dashboard_ownership(dashboard_id, user_id)
-            .await?;
+        let mut dashboards = self.0.write().await;
+
+        let existing_dashboard = dashboards
+            .iter()
+            .find(|d| d.dashboard_id == Some(dashboard_id) && d.author == Some(user_id.to_string()))
+            .cloned()
+            .ok_or_else(|| {
+                DashboardError::Metadata(
+                    "Dashboard does not exist or you do not have permission to access it",
+                )
+            })?;
 
         dashboard.set_metadata(user_id, Some(dashboard_id));
         dashboard.created = existing_dashboard.created;
+
+        let has_duplicate = dashboards
+            .iter()
+            .any(|d| d.title == dashboard.title && d.dashboard_id != dashboard.dashboard_id);
+
+        if has_duplicate {
+            return Err(DashboardError::Metadata("Dashboard title must be unique"));
+        }
+
         self.save_dashboard(user_id, dashboard).await?;
 
-        let mut dashboards = self.0.write().await;
-        dashboards.retain(|d| d.dashboard_id != dashboard.dashboard_id);
+        dashboards.retain(|d| d.dashboard_id != Some(dashboard_id));
         dashboards.push(dashboard.clone());
 
         Ok(())
