From 2cd5c7a5b7a63c8796d1f49222100e68a7db1d31 Mon Sep 17 00:00:00 2001
From: Regalijan <r@regalijan.com>
Date: Tue, 5 Mar 2024 21:37:57 -0500
Subject: [PATCH] Don't allow non-management to access et member management

---
 app/routes/et-members.tsx  | 6 +-----
 app/routes/events-team.tsx | 8 +++++---
 2 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/app/routes/et-members.tsx b/app/routes/et-members.tsx
index 96f2295..67af2dd 100644
--- a/app/routes/et-members.tsx
+++ b/app/routes/et-members.tsx
@@ -37,11 +37,7 @@ export async function loader({ context }: { context: RequestContext }) {
       status: 401,
     });
 
-  if (
-    ![1 << 3, 1 << 4, 1 << 12].find(
-      (p) => context.data.current_user.permissions & p,
-    )
-  )
+  if (![1 << 4, 1 << 12].find((p) => context.data.current_user.permissions & p))
     throw new Response(null, {
       status: 403,
     });
diff --git a/app/routes/events-team.tsx b/app/routes/events-team.tsx
index 669546c..b4e6171 100644
--- a/app/routes/events-team.tsx
+++ b/app/routes/events-team.tsx
@@ -454,9 +454,11 @@ export default function () {
         <Link color="#646cff" href="/book-event" mt="16px">
           Book an Event
         </Link>
-        <Link color="#646cff" href="/et-members" mb="32px" mt="8px">
-          Events Team Member Management
-        </Link>
+        {can_approve ? (
+          <Link color="#646cff" href="/et-members" mb="32px" mt="8px">
+            Events Team Member Management
+          </Link>
+        ) : null}
       </VStack>
     </Container>
   );