rockfic/next
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(api): allow admins to access a hidden story's full contents

Browse Source
This commit is contained in:
✑ ☙◦❀ The Tablet ☯ GamerGirlandCo ❀◦❧ 2023-12-09 16:58:35 -05:00
parent 37e9bcc17c
commit 3bc828ad5e
Signed by: tablet
GPG Key ID: 924A5F6AF051E87C
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
server/api/story/[id]/full.get.ts
View File

@ -8,7 +8,11 @@ export default eventHandler(async (ev) => {
isLoggedIn(ev); isLoggedIn(ev);
const s = await storyQuerier(ev); const s = await storyQuerier(ev);
const hidden = s.chapters.some((a) => a.hidden); const hidden = s.chapters.some((a) => a.hidden);
if (hidden && ev.context.currentUser?._id !== s.author._id) { if (
hidden &&
ev.context.currentUser?._id !== s.author._id &&
!ev.context.currentUser?.profile.isAdmin
) {
throw createError({ throw createError({
statusCode: 403, statusCode: 403,
message: messages[403], message: messages[403],