EPESS/epess-web-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: enhance RefundTicketSchema with additional role checks for refund requests

Browse Source 
- Updated RefundTicketSchema to include CENTER_OWNER in the authorization check for refund requests, ensuring that only authorized roles can request refunds.
- Improved error handling to provide clearer feedback for unauthorized access attempts.

These changes enhance the security and functionality of the refund ticket process, ensuring proper role validation and user experience.
This commit is contained in:
Ly Tuan Kiet
2024-12-13 20:22:29 +07:00
parent 8051ae9442
commit 70ff392d2e
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/RefundTicket/refundticket.schema.ts
View File

@@ -139,7 +139,11 @@ export class RefundTicketSchema extends PothosSchema {
throw new Error('Unauthorized') throw new Error('Unauthorized')
} }
// Check if the user is a customer or a center mentor // Check if the user is a customer or a center mentor
if (ctx.http.me?.role !== Role.CUSTOMER && ctx.http.me?.role !== Role.CENTER_MENTOR) { if (
ctx.http.me?.role !== Role.CUSTOMER &&
ctx.http.me?.role !== Role.CENTER_MENTOR &&
ctx.http.me?.role !== Role.CENTER_OWNER
) {
throw new Error('Only customers and center mentors can request refund') throw new Error('Only customers and center mentors can request refund')
} }