androidlover5842/TrisolarisServer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Restrict booking actions to admin/manager
Some checks failed
build-and-deploy / build-deploy (push) Failing after 28s
Details

Browse Source
This commit is contained in:
androidlover5842
2026-01-29 09:55:52 +05:30
parent 52f9b94031
commit d033686e53
1 changed files with 2 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/main/kotlin/com/android/trisolarisserver/controller/BookingFlow.kt
View File

@@ -435,7 +435,7 @@ class BookingFlow(
} }
private fun requireActor(propertyId: UUID, principal: MyPrincipal?): com.android.trisolarisserver.models.property.AppUser { private fun requireActor(propertyId: UUID, principal: MyPrincipal?): com.android.trisolarisserver.models.property.AppUser {
val resolved = requireRole(propertyAccess, propertyId, principal, Role.ADMIN, Role.MANAGER, Role.STAFF) val resolved = requireRole(propertyAccess, propertyId, principal, Role.ADMIN, Role.MANAGER)
return appUserRepo.findById(resolved.userId).orElseThrow { return appUserRepo.findById(resolved.userId).orElseThrow {
ResponseStatusException(HttpStatus.UNAUTHORIZED, "User not found") ResponseStatusException(HttpStatus.UNAUTHORIZED, "User not found")
} }
@@ -462,9 +462,7 @@ class BookingFlow(
property: com.android.trisolarisserver.models.property.Property, property: com.android.trisolarisserver.models.property.Property,
mode: TransportMode mode: TransportMode
): Boolean { ): Boolean {
val allowed = if (property.allowedTransportModes.isNotEmpty()) { val allowed = property.allowedTransportModes.ifEmpty {
property.allowedTransportModes
} else {
TransportMode.entries.toSet() TransportMode.entries.toSet()
} }
return allowed.contains(mode) return allowed.contains(mode)