added isadmin check in isAuthorized

devU-api/src/authorization/authorization.middleware.ts

@@ -5,6 +5,7 @@ import UserCourseService from '../entities/userCourse/userCourse.service'
 import RoleService from '../entities/role/role.service'
 import { serialize } from '../entities/role/role.serializer'
 import { Role } from '../../devu-shared-modules'
+import UserService from '../entities/user/user.service'
 
 /**
  * Are you authorized to access this endpoint?
@@ -23,6 +24,14 @@ export function isAuthorized(permission: string, permissionIfSelf?: string) {
       return res.status(404).json(NotFound)
     }
 
+    // check if admin
+    const user = await UserService.isAdmin(userId!)
+    if (user && user.isAdmin!) {
+      // no role checks needed
+      // user is admin !
+      return next()
+    }
+
     // Pull userCourse
     const userCourse = await UserCourseService.retrieveByCourseAndUser(courseId, userId)