Skip to content

Commit

Permalink
Fixing router permissions
Browse files Browse the repository at this point in the history
  • Loading branch information
@lucasgehl3n
lucasgehl3n committed Nov 25, 2023
1 parent 2834caa commit 634bbb0
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 2 deletions.
7 changes: 6 additions & 1 deletion src/middlewares/acl/CheckAclPermission.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,12 @@ export default function CheckAclPermission(role: Roles) {
return function (req: Request, res: Response, next: NextFunction) {
const authenticatedRequest = req as unknown as AuthenticatedRequest;
const { userRoles } = authenticatedRequest.user!;
const id = req.params.id || req.body.id;
let id = req.params.id || req.body.id;

if(!req.path.includes('/institution')){
id = req.params.idInstitution || req.body.idInstitution;
}

if (userRoles.some(x =>
x.idRole && x.idRole >= role &&
x.idInstitution?.toString() === id
Expand Down
4 changes: 3 additions & 1 deletion src/routes.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -98,14 +98,16 @@ routes.post('/animal/save', upload.any(), (req, res) => {
});

routes.post('/animal/saveFiles', upload.any(), (req, res) => {
CheckUserPermission(Roles.Volunteer)
return AnimalController.saveFiles(req, res)
});

routes.post('/temporaryHome/save', (req, res) => {
CheckUserPermission(Roles.Volunteer)
return EntityTemporaryHomeController.save(req, res)
});

routes.get('/animal/:id', (req, res) => {
routes.get('/animal/:id', CheckUserPermission(Roles.Volunteer), (req, res) => {
return AnimalController.detail(req, res)
});

Expand Down

0 comments on commit 634bbb0

Please sign in to comment.