public-offering
/
cal.pub0.org
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: only check event type ownership if not admin

pull/9078/head
Agusti Fernandez Pardo 2022-06-04 02:26:16 +02:00
parent 514a98f9e0
commit d8d0d42374
1 changed files with 3 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
pages/api/event-types/[id].ts
View File

@ -27,10 +27,9 @@ export async function eventTypeById(
select: { eventTypes: true },
});
const userEventTypes = data.eventTypes.map((eventType) => eventType.id);
if (!isAdmin || !userEventTypes.includes(safeQuery.data.id))
res.status(401).json({ message: "Unauthorized" });
else {
if (!isAdmin) {
if (!userEventTypes.includes(safeQuery.data.id)) res.status(401).json({ message: "Unauthorized" });
} else {
switch (method) {
/**
* @swagger