From ba5bd0ca02dd46665f9a954216e33be32d6d9624 Mon Sep 17 00:00:00 2001
From: androidlover5842
Date: Sun, 1 Feb 2026 23:32:04 +0530
Subject: [PATCH] Restrict room create/update to admins
---
 .../com/android/trisolarisserver/controller/room/Rooms.kt | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/src/main/kotlin/com/android/trisolarisserver/controller/room/Rooms.kt b/src/main/kotlin/com/android/trisolarisserver/controller/room/Rooms.kt
index 3c64a7f..00b07ab 100644
--- a/src/main/kotlin/com/android/trisolarisserver/controller/room/Rooms.kt
+++ b/src/main/kotlin/com/android/trisolarisserver/controller/room/Rooms.kt
@@ -1,7 +1,7 @@
 package com.android.trisolarisserver.controller.room
 import com.android.trisolarisserver.controller.common.parseDate
-import com.android.trisolarisserver.controller.common.requireMember
 import com.android.trisolarisserver.controller.common.requirePrincipal
+import com.android.trisolarisserver.controller.common.requireRole
 import com.android.trisolarisserver.component.auth.PropertyAccess
 import com.android.trisolarisserver.component.room.RoomBoardEvents
@@ -280,8 +280,7 @@ class Rooms(
 @AuthenticationPrincipal principal: MyPrincipal?,
 @RequestBody request: RoomUpsertRequest
 ): RoomResponse {
- requirePrincipal(principal)
- propertyAccess.requireMember(propertyId, principal!!.userId)
+ requireRole(propertyAccess, propertyId, principal, Role.ADMIN)
 if (roomRepo.existsByPropertyIdAndRoomNumber(propertyId, request.roomNumber)) {
 throw ResponseStatusException(HttpStatus.CONFLICT, "Room number already exists for property")
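Review bot: The new `requireRole(propertyAccess, propertyId, principal, Role.ADMIN)` call in the create handler receives the nullable `principal` directly, so the explicit `requirePrincipal` guard and the property-scoped `requireMember` check it replaces now depend entirely on a helper whose body is not part of this patch; the same applies to the update handler in the next hunk. Before merging, confirm that `requireRole` fails closed: it should reject a null principal and a user whose ADMIN role belongs to a different property than `propertyId`, and it should not grant access when the membership lookup finds nothing. The patch touches one file and adds no test, so a controller test asserting that a plain member is rejected on both endpoints would pin the new rule. Once that is verified, a short comment above each call would help, for example `// Room writes are admin-only; requireRole also rejects a null principal`. Both handler bodies continue outside their hunks.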
@@ -327,8 +326,7 @@ class Rooms(
 @AuthenticationPrincipal principal: MyPrincipal?,
 @RequestBody request: RoomUpsertRequest
 ): RoomResponse {
- requirePrincipal(principal)
- propertyAccess.requireMember(propertyId, principal!!.userId)
+ requireRole(propertyAccess, propertyId, principal, Role.ADMIN)
 val room = roomRepo.findByIdAndPropertyId(roomId, propertyId)
 ?: throw ResponseStatusException(HttpStatus.NOT_FOUND, "Room not found for property")