From 4a722023c2a671c156bb040a82a1ce2aea4ded19 Mon Sep 17 00:00:00 2001 From: casperiv0 <53900565+casperiv0@users.noreply.github.com> Date: Sun, 15 Oct 2023 11:07:43 +0200 Subject: [PATCH] fix: only check userId if required --- apps/api/src/controllers/record/records-controller.ts | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/apps/api/src/controllers/record/records-controller.ts b/apps/api/src/controllers/record/records-controller.ts index 3bbe6a04a..98717510f 100644 --- a/apps/api/src/controllers/record/records-controller.ts +++ b/apps/api/src/controllers/record/records-controller.ts @@ -53,6 +53,7 @@ import { Descendant, slateDataToString } from "@snailycad/utils/editor"; import puppeteer from "puppeteer"; import { AuditLogActionType, createAuditLogEntry } from "@snailycad/audit-logger/server"; import { captureException } from "@sentry/node"; +import { shouldCheckCitizenUserId } from "~/lib/citizen/has-citizen-access"; export const assignedOfficersInclude = { combinedUnit: { include: combinedUnitProperties }, @@ -397,12 +398,14 @@ export class RecordsController { }) async markRecordAsPaid( @Context("cad") cad: { features?: Record }, + @Context("user") user: User, @PathParams("id") recordId: string, - @Context("sessionUserId") sessionUserId: string, ): Promise { + const checkCitizenUserId = shouldCheckCitizenUserId({ cad, user }); + const citizen = await prisma.citizen.findFirst({ where: { - userId: sessionUserId, + userId: checkCitizenUserId ? user.id : undefined, Record: { some: { id: recordId } }, }, });