From 54b36b9624ce4981af5fa720a2bc45b38545c06d Mon Sep 17 00:00:00 2001
From: Agusti Fernandez Pardo <git@agusti.me>
Date: Fri, 8 Jul 2022 18:49:55 +0200
Subject: [PATCH] fix: bookings:id fix bad isAdmin double if adding missing
 return replace with || OR instead

---
 pages/api/bookings/[id].ts | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/pages/api/bookings/[id].ts b/pages/api/bookings/[id].ts
index fa0b9760af..32379cb231 100644
--- a/pages/api/bookings/[id].ts
+++ b/pages/api/bookings/[id].ts
@@ -23,10 +23,9 @@ export async function bookingById(
   });
   if (!userWithBookings) throw new Error("User not found");
   const userBookingIds = userWithBookings.bookings.map((booking: { id: number }) => booking.id).flat();
-
-  if (!isAdmin) {
-    if (!userBookingIds.includes(safeQuery.data.id)) res.status(401).json({ message: "Unauthorized" });
-  } else {
+  if (!isAdmin || !userBookingIds.includes(safeQuery.data.id))
+    res.status(401).json({ message: "Unauthorized" });
+  else {
     switch (method) {
       /**
        * @swagger