From bfd5af856fba215adfc9541c28e74c0abfa162cd Mon Sep 17 00:00:00 2001
From: navaneeth
Date: Wed, 19 May 2021 15:55:59 +0530
Subject: [PATCH] Authorize before adding apps to folders

---
 app/controllers/folder_apps_controller.rb | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/app/controllers/folder_apps_controller.rb b/app/controllers/folder_apps_controller.rb
index 19dab9cca2..ec599f06d1 100644
--- a/app/controllers/folder_apps_controller.rb
+++ b/app/controllers/folder_apps_controller.rb
@@ -4,6 +4,12 @@ class FolderAppsController < ApplicationController
     app_id = params[:app_id]
     folder_id = params[:folder_id]
 
+    @app = App.find app_id
+
+    unless AppPolicy.new(@current_user, @app).update?
+      render json: { message: 'Could not add app to folder due to insufficient permissions' }, status: 500
+    end
+
     folder_app = FolderApp.new(app_id: app_id, folder_id: folder_id)
 
     if folder_app.save
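Review bot: The new authorization check does not stop the action: `render` inside the `unless` block has no `return`, so execution falls through to `FolderApp.new(...)` and `folder_app.save` on the following lines, and the app is still added to the folder for an unauthorized user before the second render raises `DoubleRenderError`. The block should be a guard clause that exits, e.g. `return render json: { message: 'Could not add app to folder due to insufficient permissions' }, status: :forbidden unless AppPolicy.new(@current_user, @app).update?`; `403 Forbidden` is the conventional status for a policy denial, whereas `500` reports a server fault and may trip error alerting. `folder_id` is taken from params and passed straight to `FolderApp.new` with no corresponding check — if folders are scoped to users, a caller can presumably attach an app they can update to someone else's folder, so a folder policy check alongside the app one is worth confirming. The enclosing action method starts before and ends after this hunk, and `App.find` will raise `ActiveRecord::RecordNotFound` for an unknown `app_id`, which is fine as long as the application handles that as a 404.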