From 10d62c683f1edb1725ae8ddd4cc4cf33e506cd86 Mon Sep 17 00:00:00 2001 From: androidlover5842 Date: Wed, 28 Jan 2026 18:34:53 +0530 Subject: [PATCH] Allow managers to revoke temp cards --- .../android/trisolarisserver/controller/IssuedCards.kt | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/main/kotlin/com/android/trisolarisserver/controller/IssuedCards.kt b/src/main/kotlin/com/android/trisolarisserver/controller/IssuedCards.kt index db0e430..d6dacf2 100644 --- a/src/main/kotlin/com/android/trisolarisserver/controller/IssuedCards.kt +++ b/src/main/kotlin/com/android/trisolarisserver/controller/IssuedCards.kt @@ -157,9 +157,9 @@ class IssuedCards( @PathVariable cardIndex: Int, @AuthenticationPrincipal principal: MyPrincipal? ): CardRevokeResponse { - requireRevokeActor(propertyId, principal) val card = issuedCardRepo.findByPropertyIdAndCardIndex(propertyId, cardIndex) ?: throw ResponseStatusException(HttpStatus.NOT_FOUND, "Card not found") + requireRevokeActor(propertyId, principal, card.roomStay == null) if (card.revokedAt == null) { val now = nowForProperty(card.property.timezone) card.revokedAt = now @@ -231,12 +231,16 @@ class IssuedCards( } } - private fun requireRevokeActor(propertyId: UUID, principal: MyPrincipal?) { + private fun requireRevokeActor(propertyId: UUID, principal: MyPrincipal?, isTempCard: Boolean) { if (principal == null) { throw ResponseStatusException(HttpStatus.UNAUTHORIZED, "Missing principal") } propertyAccess.requireMember(propertyId, principal.userId) - propertyAccess.requireAnyRole(propertyId, principal.userId, Role.ADMIN) + if (isTempCard) { + propertyAccess.requireAnyRole(propertyId, principal.userId, Role.ADMIN, Role.MANAGER) + } else { + propertyAccess.requireAnyRole(propertyId, principal.userId, Role.ADMIN) + } }