Merge pull request #974 from OneCommunityGlobal/Jingyi_create/edit/de…

…lete_badges_permission Jingyi create/edit/delete badges permission
OneCommunityGlobal · Jun 23, 2024 · 74da28a · 74da28a
2 parents 2ab7527 + 985d2ea
commit 74da28a
Showing 1 changed file with 12 additions and 3 deletions.
diff --git a/src/controllers/badgeController.js b/src/controllers/badgeController.js
@@ -13,12 +13,21 @@ const badgeController = function (Badge) {
   const cache = cacheClosure();
 
   const getAllBadges = async function (req, res) {
-    console.log(req.body.requestor);
-    if (!(await helper.hasPermission(req.body.requestor, 'seeBadges'))) {
-      console.log('in if statement');
+    console.log(req.body.requestor);  // Retain logging from development branch for debugging
+
+    // Check if the user has any of the following permissions
+    if (
+      !(await helper.hasPermission(req.body.requestor, 'seeBadges')) &&
+      !(await helper.hasPermission(req.body.requestor, 'assignBadges')) &&
+      !(await helper.hasPermission(req.body.requestor, 'createBadges')) &&
+      !(await helper.hasPermission(req.body.requestor, 'updateBadges')) &&
+      !(await helper.hasPermission(req.body.requestor, 'deleteBadges'))
+    ) {
+      console.log('in if statement');  // Retain logging from development branch for debugging
       res.status(403).send('You are not authorized to view all badge data.');
       return;
     }
+
     // Add cache to reduce database query and optimize performance
     if (cache.hasCache('allBadges')) {
       res.status(200).send(cache.getCache('allBadges'));