Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Don't allow standard et to access strike api routes
  • Loading branch information
regalijan committed Dec 6, 2024
1 parent 2f200f8 commit cae9af5
Showing 1 changed file with 1 addition and 7 deletions.
8 changes: 1 addition & 7 deletions functions/api/events-team/strikes/_middleware.ts
Expand Up @@ -5,13 +5,7 @@ export async function onRequest(context: RequestContext) {

if (!user) return jsonError("Not logged in", 401);

if (![1 << 3, 1 << 4, 1 << 12].find((p) => user.permissions & p))
return jsonError("Not part of Events Team", 403);

if (
context.request.method !== "GET" &&
![1 << 4, 1 << 12].find((p) => user.permissions & p)
)
if (![1 << 4, 1 << 12].find((p) => user.permissions & p))
return jsonError("Cannot manage strikes", 403);

return await context.next();
Expand Down

0 comments on commit cae9af5

Please sign in to comment.