fix(api): allow admins to access a hidden story's full contents

2023-12-09 16:58:35 -05:00 · 2023-12-09 16:58:35 -05:00 · 3bc828ad5e
commit 3bc828ad5e
parent 37e9bcc17c
1 changed files with 5 additions and 1 deletions
--- a/server/api/story/[id]/full.get.ts
+++ b/server/api/story/[id]/full.get.ts
@ -8,7 +8,11 @@ export default eventHandler(async (ev) => {
 	isLoggedIn(ev);
 	const s = await storyQuerier(ev);
 	const hidden = s.chapters.some((a) => a.hidden);
-	if (hidden && ev.context.currentUser?._id !== s.author._id) {
+	if (
+		hidden &&
+		ev.context.currentUser?._id !== s.author._id &&
+		!ev.context.currentUser?.profile.isAdmin
+	) {
 		throw createError({
 			statusCode: 403,
 			message: messages[403],