Allow managers to revoke temp cards

2026-01-28 18:34:53 +05:30
parent ba88aae4cf
commit 10d62c683f
1 changed files with 7 additions and 3 deletions
--- a/src/main/kotlin/com/android/trisolarisserver/controller/IssuedCards.kt
+++ b/src/main/kotlin/com/android/trisolarisserver/controller/IssuedCards.kt
@@ -157,9 +157,9 @@ class IssuedCards(
        @PathVariable cardIndex: Int,
        @AuthenticationPrincipal principal: MyPrincipal?
    ): CardRevokeResponse {
        requireRevokeActor(propertyId, principal)
        val card = issuedCardRepo.findByPropertyIdAndCardIndex(propertyId, cardIndex)
            ?: throw ResponseStatusException(HttpStatus.NOT_FOUND, "Card not found")
        requireRevokeActor(propertyId, principal, card.roomStay == null)
        if (card.revokedAt == null) {
            val now = nowForProperty(card.property.timezone)
            card.revokedAt = now
@@ -231,12 +231,16 @@ class IssuedCards(
        }
    }
-    private fun requireRevokeActor(propertyId: UUID, principal: MyPrincipal?) {
+    private fun requireRevokeActor(propertyId: UUID, principal: MyPrincipal?, isTempCard: Boolean) {
        if (principal == null) {
            throw ResponseStatusException(HttpStatus.UNAUTHORIZED, "Missing principal")
        }
        propertyAccess.requireMember(propertyId, principal.userId)
-        propertyAccess.requireAnyRole(propertyId, principal.userId, Role.ADMIN)
+        if (isTempCard) {
            propertyAccess.requireAnyRole(propertyId, principal.userId, Role.ADMIN, Role.MANAGER)
        } else {
            propertyAccess.requireAnyRole(propertyId, principal.userId, Role.ADMIN)
        }
    }