Fix auth check for short links

2024-11-01 15:03:11 -04:00 · 2024-11-01 15:03:11 -04:00 · abedaa8d20
commit abedaa8d20
parent 3b86510e2a
3 changed files with 7 additions and 5 deletions
--- a/app/routes/short-links.tsx
+++ b/app/routes/short-links.tsx
@ -32,9 +32,9 @@ export async function loader({ context }: { context: RequestContext }) {
    });

  if (
-    ![0, 2, 4, 5, 6, 7, 9, 10, 11, 12].find(
+    typeof [0, 2, 4, 5, 6, 7, 9, 10, 11, 12].find(
      (i) => context.data.current_user.permissions & (1 << i),
-    )
+    ) === "undefined"
  )
    throw new Response(null, {
      status: 403,
--- a/app/routes/short-links_.create.tsx
+++ b/app/routes/short-links_.create.tsx
@ -27,9 +27,9 @@ export async function loader({ context }: { context: RequestContext }) {
    });

  if (
-    ![0, 2, 4, 5, 6, 7, 9, 10, 11, 12].find(
+    typeof [0, 2, 4, 5, 6, 7, 9, 10, 11, 12].find(
      (i) => context.data.current_user.permissions & (1 << i),
-    )
+    ) === "undefined"
  )
    throw new Response(null, {
      status: 403,
--- a/functions/api/short-links/_middleware.ts
+++ b/functions/api/short-links/_middleware.ts
@ -6,7 +6,9 @@ export async function onRequest(context: RequestContext) {
  if (!user) return jsonError("Unauthorized", 401);

  if (
-    ![0, 2, 4, 5, 6, 7, 9, 10, 11, 12].find((i) => user.permissions & (1 << i))
+    typeof [0, 2, 4, 5, 6, 7, 9, 10, 11, 12].find(
+      (i) => user.permissions & (1 << i),
+    ) === "undefined"
  )
    return jsonError("Forbidden", 403);