feat:added authorization requirements for posting and deleting reports
timobraz committed Feb 1, 2024
1 parent a337e23 commit e11523b
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions api/src/controllers/reports.ts
@@ -1,3 +1,4 @@
import { use } from 'sst/constructs';

Check failure on line 1 in api/src/controllers/reports.ts

GitHub Actions / Lint and check formatting

'use' is defined but never used
/**
@module ReportsRoute
*/
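Review bot: The `use` import from 'sst/constructs' added on line 1 is never referenced by the other lines this commit adds, and the lint job fails on it with "'use' is defined but never used". Drop the import; the authorization checks added further down do not need it.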
@@ -13,6 +14,8 @@ const router = express.Router();
* Get all reports
*/
router.get('/', async (req, res) => {
if (!req.session.passport) return res.status(401).send('Unathenticated');
if (!req.session.passport.admin) return res.status(403).send('Unauthorized');
const reports = await getDocuments(COLLECTION_NAMES.REPORTS, {}); // get all reports in collection

res.json(reports);
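Review bot: The commit message says the requirement is for posting and deleting reports, but the check in this hunk lands on `router.get('/')`, and the `router.post('/')` handler named in the next hunk header receives no added lines (the commit's 5 additions are the import, two lines here and two in the delete handler). Either add the same guard to POST or correct the message, and confirm that making the report listing admin-only is intended. The 401 body is also misspelled ('Unathenticated'), and 'Forbidden' would match the 403 status better than 'Unauthorized', which is the reason phrase for 401.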
@@ -34,6 +37,8 @@ router.post('/', async (req, res) => {
*/
router.delete('/', async (req, res) => {
let status;
if (!req.session.passport) return res.status(401).send('Unathenticated');
if (!req.session.passport.admin) return res.status(403).send('Unauthorized');
if (req.body.id) {
console.log(`Deleting report ${req.body.id}`);
status = await deleteDocument(COLLECTION_NAMES.REPORTS, {
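Review bot: The two guard lines in the delete handler are copied verbatim from the GET handler; move them into one middleware (for example a hypothetical `requireAdmin` function passed as `router.delete('/', requireAdmin, ...)`) so the routes cannot drift apart and a new route is harder to leave unguarded. It is also worth checking where `req.session.passport.admin` gets set: Passport itself stores the serialized user under `req.session.passport.user`, so `admin` has to be written by this application's own code, and if it is never set every request that reaches the second check gets a 403.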