diff --git a/devU-api/src/authorization/authorization.middleware.ts b/devU-api/src/authorization/authorization.middleware.ts
index 567554a..4fdf73b 100644
--- a/devU-api/src/authorization/authorization.middleware.ts
+++ b/devU-api/src/authorization/authorization.middleware.ts
@@ -5,6 +5,7 @@ import UserCourseService from '../entities/userCourse/userCourse.service'
 import RoleService from '../entities/role/role.service'
 import { serialize } from '../entities/role/role.serializer'
 import { Role } from '../../devu-shared-modules'
+import UserService from '../entities/user/user.service'
 /**
 * Are you authorized to access this endpoint?
@@ -23,6 +24,14 @@ export function isAuthorized(permission: string, permissionIfSelf?: string) {
 return res.status(404).json(NotFound)
 }
+ // check if admin
+ const user = await UserService.isAdmin(userId!)
+ if (user && user.isAdmin!) {
+ // no role checks needed
+ // user is admin !
+ return next()
+ }
+
 // Pull userCourse
 const userCourse = await UserCourseService.retrieveByCourseAndUser(courseId, userId)
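Review bot: The admin short-circuit added in the second hunk is a fail-open path, yet both of its inputs are pushed past the type checker with `!`: `userId!` hides whether the identifier can be undefined at this point, and the `!` in `user.isAdmin!` has no runtime effect. Because this branch skips every course-role check, I would guard `userId` at runtime before the lookup and make the condition strict, e.g. `const admin = await UserService.isAdmin(userId)` followed by `if (admin?.isAdmin === true) return next()`, which also stops the variable named `user` from holding the result of an `isAdmin` call. The start of `isAuthorized`'s handler is outside the hunk, so it is worth confirming there that `userId` is taken from the authenticated session rather than from request parameters, and that a rejected `UserService.isAdmin` promise reaches the error handler instead of leaving the request unanswered. I would also replace the two inline comments with one stating that admins bypass both `permission` and `permissionIfSelf` for every course, and log the bypass so the use of the privilege is auditable.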