Tweaked LOA API RBAC to allow full command group access

2025-12-22 21:36:10 -05:00
1 changed files with 4 additions and 4 deletions
--- a/api/src/routes/loa.ts
+++ b/api/src/routes/loa.ts
@@ -26,7 +26,7 @@ router.post("/", async (req: Request, res: Response) => {
 });

 //admin posts LOA
-router.post("/admin", [requireRole("17th Administrator")], async (req: Request, res: Response) => {
+router.post("/admin", [requireRole(['17th Administrator', '17th HQ', '17th Command'])], async (req: Request, res: Response) => {
    let LOARequest = req.body as LOARequest;
    LOARequest.created_by = req.user.id;
    LOARequest.filed_date = new Date();
@@ -67,7 +67,7 @@ router.get("/history", async (req: Request, res: Response) => {
    }
 })

-router.get('/all', [requireRole("17th Administrator")], async (req: Request, res: Response) => {
+router.get('/all', [requireRole(['17th Administrator', '17th HQ', '17th Command'])], async (req: Request, res: Response) => {
    try {
        const page = Number(req.query.page) || undefined;
        const pageSize = Number(req.query.pageSize) || undefined;
@@ -107,7 +107,7 @@ router.post('/cancel/:id', async (req: Request, res: Response) => {
 })

 //TODO: enforce admin only
-router.post('/adminCancel/:id', [requireRole("17th Administrator")], async (req: Request, res: Response) => {
+router.post('/adminCancel/:id', [requireRole(['17th Administrator', '17th HQ', '17th Command'])], async (req: Request, res: Response) => {
    let closer = req.user.id;
    try {
        await closeLOA(Number(req.params.id), closer);
@@ -119,7 +119,7 @@ router.post('/adminCancel/:id', [requireRole("17th Administrator")], async (req:
 })

 // TODO: Enforce admin only
-router.post('/extend/:id', [requireRole("17th Administrator")], async (req: Request, res: Response) => {
+router.post('/extend/:id', [requireRole(['17th Administrator', '17th HQ', '17th Command'])], async (req: Request, res: Response) => {
    const to: Date = req.body.to;

    if (!to) {