surya/freeplanet_serverside
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- fix: l'admin non riusciva a cambiare il Circuito...

Browse Source
This commit is contained in:
Surya Paolo
2024-04-04 18:43:17 +02:00
parent 970428a359
commit fef8d0fbc7
4 changed files with 43 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/server/router/index_router.js
View File

@@ -339,9 +339,12 @@ router.post('/settable', authenticate, async (req, res) => {
consentito = true;
}
if ((!User.isAdmin(req.user.perm) && !User.isManager(req.user.perm) &&
!User.isEditor(req.user.perm) && !User.isFacilitatore(req.user.perm)) &&
!tools.ModificheConsentite(req, params.table, fieldsvalue)) {
if ((!User.isAdmin(req.user.perm)
&& !User.isManager(req.user.perm)
&& !User.isEditor(req.user.perm)
&& !User.isFacilitatore(req.user.perm))
&&
await !tools.ModificheConsentite(req, params.table, fieldsvalue, mydata ? mydata._id: '')) {
// If without permissions, exit
return res.status(404).
send({ code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: '' });
@@ -857,7 +860,7 @@ router.patch('/chval', authenticate, async (req, res) => {
&& !User.isManager(req.user.perm)
&& !User.isEditor(req.user.perm)
&& !User.isFacilitatore(req.user.perm))
&& (!tools.ModificheConsentite(req, mydata.table, fieldsvalue, id)))
&& (await !tools.ModificheConsentite(req, mydata.table, fieldsvalue, id)))
&& !((mydata.table === 'accounts')
&& await Account.canEditAccountAdmins(req.user.username, mydata.id))
) {
@@ -1041,7 +1044,7 @@ router.patch('/chval', authenticate, async (req, res) => {
}
}
if (tools.ModificheConsentite(req, mydata.table, fieldsvalue)) {
if (await tools.ModificheConsentite(req, mydata.table, fieldsvalue)) {
let msg = '';
if (mydata.table === 'users') {
if ('aportador_solidario' in fieldsvalue) {
@@ -1240,7 +1243,7 @@ router.delete('/delrec/:table/:id', authenticate, async (req, res) => {
if ((!User.isAdmin(req.user.perm) && !User.isManager(req.user.perm)) &&
(tablename !== 'extralist') &&
!tools.ModificheConsentite(req, tablename, fields, id, req.user)) {
await !tools.ModificheConsentite(req, tablename, fields, id, req.user)) {
// If without permissions, exit
return res.status(404).
send({ code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: '' });