regalijan/car-crushers-portal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Don't allow standard et to access strike api routes

Browse Source
This commit is contained in:
Regalijan 2024-12-05 21:28:31 -05:00
parent 2f200f889a
commit cae9af5359
Signed by: regalijan
GPG Key ID: 5D4196DA269EF520
1 changed files with 1 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
functions/api/events-team/strikes/_middleware.ts
View File

@ -5,13 +5,7 @@ export async function onRequest(context: RequestContext) {
if (!user) return jsonError("Not logged in", 401);
if (![1 << 3, 1 << 4, 1 << 12].find((p) => user.permissions & p))
return jsonError("Not part of Events Team", 403);
if (
context.request.method !== "GET" &&
![1 << 4, 1 << 12].find((p) => user.permissions & p)
)
if (![1 << 4, 1 << 12].find((p) => user.permissions & p))
return jsonError("Cannot manage strikes", 403);
return await context.next();