pacnpal/thrilltrack-explorer
1
0
Fork 0
mirror of https://github.com/pacnpal/thrilltrack-explorer.git synced 2025-12-22 17:51:12 -05:00
Code Issues Packages Projects Releases Wiki Activity

Fix edge function role check

Browse Source
This commit is contained in:
gpt-engineer-app[bot]
2025-10-09 17:07:42 +00:00
parent 9866b87f7f
commit ff7c90e62d
1 changed files with 12 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
supabase/functions/process-selective-approval/index.ts
View File

@@ -88,21 +88,25 @@ serve(async (req) => {
); );
// Check if user has moderator permissions using service role to bypass RLS // Check if user has moderator permissions using service role to bypass RLS
const { data: profile, error: profileError } = await supabase const { data: roles, error: rolesError } = await supabase
.from('profiles') .from('user_roles')
.select('role') .select('role')
.eq('user_id', authenticatedUserId) .eq('user_id', authenticatedUserId);
.single();
if (profileError || !profile) { if (rolesError) {
console.error('Failed to fetch profile:', profileError); console.error('Failed to fetch user roles:', rolesError);
return new Response( return new Response(
JSON.stringify({ error: 'User profile not found.' }), JSON.stringify({ error: 'Failed to verify user permissions.' }),
{ status: 403, headers: { ...corsHeaders, 'Content-Type': 'application/json' } } { status: 403, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
); );
} }
if (profile.role !== 'moderator' && profile.role !== 'admin') { const userRoles = roles?.map(r => r.role) || [];
const isModerator = userRoles.includes('moderator') ||
userRoles.includes('admin') ||
userRoles.includes('superuser');
if (!isModerator) {
return new Response( return new Response(
JSON.stringify({ error: 'Insufficient permissions. Moderator role required.' }), JSON.stringify({ error: 'Insufficient permissions. Moderator role required.' }),
{ status: 403, headers: { ...corsHeaders, 'Content-Type': 'application/json' } } { status: 403, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }