Added proper authentication to route

cd0625a4 · Seb Barnard · 7921b058 · cd0625a4 · cd0625a4
Commit cd0625a4 authored 3 years ago by Seb Barnard
--- a/src/main/java/com/example/clientproject/services/UserLinked.java
+++ b/src/main/java/com/example/clientproject/services/UserLinked.java
@@ -20,4 +20,14 @@ public class UserLinked {
            }
        } return false;
    }
+    public boolean isAdmin(int userId, int shopId){
+        List<UserPermissions> allLinks = userPermRepo.findByUserId(userId);
+        for(UserPermissions u:allLinks){
+            if(u.getShop().getShopId() == shopId){
+                if (u.getAdminType().getAdminTypeId() == 2) {
+                    return true;
+                }
+            }
+        } return false;
+    }
 }
--- a/src/main/java/com/example/clientproject/web/restControllers/UpdateStaff.java
+++ b/src/main/java/com/example/clientproject/web/restControllers/UpdateStaff.java
@@ -40,7 +40,8 @@ public class UpdateStaff {

    @PostMapping("/updateStaff")
    public String addStaff(UpdateStaffForm usf, HttpSession session){
-        if(!userLinked.isLinked(jwtUtils.getLoggedInUserId(session).get(), usf.getShopId())){
+        if((!userLinked.isLinked(jwtUtils.getLoggedInUserId(session).get(), usf.getShopId())) &&
+                (!userLinked.isAdmin(jwtUtils.getLoggedInUserId(session).get(), usf.getShopId()))){
            return "USER NOT AUTHENTICATED";
        }
        int userId;