Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Add actual permission check to appeal toggle endpoint
  • Loading branch information
regalijan committed Oct 19, 2023
1 parent 894baed commit 9e44a7e
Showing 1 changed file with 9 additions and 0 deletions.
9 changes: 9 additions & 0 deletions functions/api/appeals/toggle.ts
@@ -1,5 +1,14 @@
export async function onRequestPost(context: RequestContext) {
const { active } = context.data.body;
const { permissions } = context.data.current_user;

if (!(permissions & (1 << 0)) || !(permissions & (1 << 11)))
return new Response('{"error":"Forbidden"}', {
headers: {
"content-type": "application/json",
},
status: 403,
});

if (typeof active !== "boolean")
return new Response('{"error":"Active property must be a boolean"}', {
Expand Down

0 comments on commit 9e44a7e

Please sign in to comment.