Check ui path vs body

packages/server/src/api/controllers/view/viewsV2.ts

@@ -24,6 +24,10 @@ export async function update(ctx: Ctx<UpdateViewRequest, ViewResponse>) {
     ctx.throw(400, "Only views V2 can be updated")
   }
 
+  if (ctx.params.viewId !== view.id) {
+    ctx.throw(400, "View id does not match between the body and the uri path")
+  }
+
   const { tableId } = view
 
   const result = await sdk.views.update(tableId, view)

packages/server/src/api/routes/tests/viewV2.spec.ts

@@ -187,6 +187,21 @@ describe("/v2/views", () => {
         }
       )
     })
+
+    it("cannot update the a view with unmatching ids between url and body", async () => {
+      const anotherView = await config.api.viewV2.create()
+      const result = await config
+        .request!.put(`/api/v2/views/${anotherView.id}`)
+        .send(view)
+        .set(config.defaultHeaders())
+        .expect("Content-Type", /json/)
+        .expect(400)
+
+      expect(result.body).toEqual({
+        message: "View id does not match between the body and the uri path",
+        status: 400,
+      })
+    })
   })
 
   describe("delete", () => {