From 269563555f119681078a63ddb0acd1bbb8cccd95 Mon Sep 17 00:00:00 2001
From: Ly Tuan Kiet <lyhung998877@gmail.com>
Date: Mon, 9 Dec 2024 17:54:17 +0700
Subject: [PATCH] fix: extend role-based access control in Quiz schema

- Updated authorization logic to allow both CENTER_MENTOR and CENTER_OWNER roles access to Quiz queries and mutations.
- Enhanced security by refining user role checks to ensure proper access control.
---
 src/Quiz/quiz.schema.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Quiz/quiz.schema.ts b/src/Quiz/quiz.schema.ts
index 06d6e41..d871c2b 100644
--- a/src/Quiz/quiz.schema.ts
+++ b/src/Quiz/quiz.schema.ts
@@ -159,7 +159,7 @@ export class QuizSchema extends PothosSchema {
           if (!ctx.http.me) {
             throw new Error('Unauthorized')
           }
-          if (ctx.http.me.role !== Role.CENTER_MENTOR) {
+          if (ctx.http.me.role !== Role.CENTER_MENTOR && ctx.http.me.role !== Role.CENTER_OWNER) {
             throw new Error('Unauthorized')
           }
           const centerMentor = await this.prisma.centerMentor.findUnique({