refactor: removed useless code, cleaned up, fixed permissions

2 files changed, 3 insertions, 4 deletions

diff --git a/src/api/routes/albums/link/linkDELETE.js b/src/api/routes/albums/link/linkDELETE.js
index 7adcaac..904687f 100644
--- a/src/api/routes/albums/link/linkDELETE.js
+++ b/src/api/routes/albums/link/linkDELETE.js
@@ -6,13 +6,13 @@ class linkDELETE extends Route {
 		super('/album/link/delete/:identifier', 'delete');
 	}
 
-	async run(req, res, db) {
+	async run(req, res, db, user) {
 		const { identifier } = req.params;
 		if (!identifier) return res.status(400).json({ message: 'Invalid identifier supplied' });
 
 		try {
 			const link = await db.table('links')
-				.where({ identifier })
+				.where({ identifier, userId: user.id })
 				.first();
 
 			dump(link);
diff --git a/src/api/routes/albums/link/linkPOST.js b/src/api/routes/albums/link/linkPOST.js
index 297348c..6009922 100644
--- a/src/api/routes/albums/link/linkPOST.js
+++ b/src/api/routes/albums/link/linkPOST.js
@@ -1,6 +1,5 @@
 const Route = require('../../../structures/Route');
 const Util = require('../../../utils/Util');
-const log = require('../../../utils/Log');
 
 class linkPOST extends Route {
 	constructor() {
@@ -15,7 +14,7 @@ class linkPOST extends Route {
 		/*
 			Make sure the album exists
 		*/
-		const exists = await db.table('albums').where('id', albumId).first();
+		const exists = await db.table('albums').where({ id: albumId, userId: user.id }).first();
 		if (!exists) return res.status(400).json({ message: 'Album doesn\t exist' });
 
 		/*