- Bot Telegram ...

src/server/router/index_router.js

@@ -250,7 +250,7 @@ router.patch('/chval', authenticate, (req, res) => {
   tools.mylogshow('PATCH CHVAL: ', id, fieldsvalue);
 
   // If I change my record...
-  if ((!User.isAdmin(req.user) && !User.isManager(req.user)) && !(req.user._id.toString() === id)) {
+  if ((!User.isAdmin(req.user.perm) && !User.isManager(req.user.perm)) && !(req.user._id.toString() === id)) {
     // If without permissions, exit
     return res.status(404).send({ code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: '' });
   }
@@ -278,7 +278,7 @@ router.delete('/delrec/:table/:id', authenticate, (req, res) => {
 
   const mytable = getTableByTableName(tablename);
 
-  if (!User.isAdmin(req.user) && !User.isManager(req.user)) {
+  if (!User.isAdmin(req.user.perm) && !User.isManager(req.user.perm)) {
     // If without permissions, exit
     return res.status(404).send({ code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: '' });
   }
@@ -315,7 +315,11 @@ router.post('/duprec/:table/:id', authenticate, (req, res) => {
 
   const mytable = getTableByTableName(tablename);
 
-  if (!User.isAdmin(req.user) && !User.isManager(req.user)) {
+  if (!req.user) {
+    return res.status(404).send({ code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: '' });
+  }
+
+  if (!User.isAdmin(req.user.perm) && !User.isManager(req.user.perm)) {
     // If without permissions, exit
     return res.status(404).send({ code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: '' });
   }
@@ -447,7 +451,7 @@ router.get(process.env.LINK_CHECK_UPDATES, authenticate, (req, res) => {
 
     if (req.user) {
       // If User is Admin, then send user Lists
-      if (User.isAdmin(req.user)) {
+      if (User.isAdmin(req.user.perm)) {
         // Send UsersList
         usersList = User.getUsersList(req.user.idapp)
       }