EPESS/epess-web-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: extend role-based access control in Quiz schema

Browse Source 
- Updated authorization logic to allow both CENTER_MENTOR and CENTER_OWNER roles access to Quiz queries and mutations.
- Enhanced security by refining user role checks to ensure proper access control.
This commit is contained in:
Ly Tuan Kiet
2024-12-09 17:54:17 +07:00
parent 2edd7c18e5
commit 269563555f
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/Quiz/quiz.schema.ts
View File

@@ -159,7 +159,7 @@ export class QuizSchema extends PothosSchema {
if (!ctx.http.me) { if (!ctx.http.me) {
throw new Error('Unauthorized') throw new Error('Unauthorized')
} }
if (ctx.http.me.role !== Role.CENTER_MENTOR) { if (ctx.http.me.role !== Role.CENTER_MENTOR && ctx.http.me.role !== Role.CENTER_OWNER) {
throw new Error('Unauthorized') throw new Error('Unauthorized')
} }
const centerMentor = await this.prisma.centerMentor.findUnique({ const centerMentor = await this.prisma.centerMentor.findUnique({