regalijan/car-crushers-portal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add actual permission check to appeal toggle endpoint

Browse Source
This commit is contained in:
regalijan 2023-10-19 16:49:11 -04:00
parent 894baedb27
commit 9e44a7e0a1
Signed by: regalijan
GPG Key ID: 5D4196DA269EF520
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
functions/api/appeals/toggle.ts
View File

@ -1,5 +1,14 @@
export async function onRequestPost(context: RequestContext) { export async function onRequestPost(context: RequestContext) {
const { active } = context.data.body; const { active } = context.data.body;
const { permissions } = context.data.current_user;
if (!(permissions & (1 << 0)) || !(permissions & (1 << 11)))
return new Response('{"error":"Forbidden"}', {
headers: {
"content-type": "application/json",
},
status: 403,
});
if (typeof active !== "boolean") if (typeof active !== "boolean")
return new Response('{"error":"Active property must be a boolean"}', { return new Response('{"error":"Active property must be a boolean"}', {