From 70ff392d2ef06d54baa3b42e0ed7a93de3f3dc4a Mon Sep 17 00:00:00 2001
From: Ly Tuan Kiet <lyhung998877@gmail.com>
Date: Fri, 13 Dec 2024 20:22:29 +0700
Subject: [PATCH] feat: enhance RefundTicketSchema with additional role checks
 for refund requests

- Updated RefundTicketSchema to include CENTER_OWNER in the authorization check for refund requests, ensuring that only authorized roles can request refunds.
- Improved error handling to provide clearer feedback for unauthorized access attempts.

These changes enhance the security and functionality of the refund ticket process, ensuring proper role validation and user experience.
---
 src/RefundTicket/refundticket.schema.ts | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/RefundTicket/refundticket.schema.ts b/src/RefundTicket/refundticket.schema.ts
index cecf5e8..def8309 100644
--- a/src/RefundTicket/refundticket.schema.ts
+++ b/src/RefundTicket/refundticket.schema.ts
@@ -139,7 +139,11 @@ export class RefundTicketSchema extends PothosSchema {
             throw new Error('Unauthorized')
           }
           // Check if the user is a customer or a center mentor
-          if (ctx.http.me?.role !== Role.CUSTOMER && ctx.http.me?.role !== Role.CENTER_MENTOR) {
+          if (
+            ctx.http.me?.role !== Role.CUSTOMER &&
+            ctx.http.me?.role !== Role.CENTER_MENTOR &&
+            ctx.http.me?.role !== Role.CENTER_OWNER
+          ) {
             throw new Error('Only customers and center mentors can request refund')
           }