fix(contributors): allow an editor to view a specific user details

datatlas-erasme · Jan 30, 2024 · 7b6f26d · 7b6f26d
1 parent 2469d24
commit 7b6f26d
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/apps/backend/src/auth/can-get-user.guard.ts b/apps/backend/src/auth/can-get-user.guard.ts
@@ -22,6 +22,9 @@ export class CanGetUserGuard extends AuthGuard('local') {
     if (userCredentials === null) {
       return false;
     }
-    return userCredentials.role === Roles.ADMIN || parseInt(request.params.id) === userCredentials.id;
+
+    return (
+      [Roles.ADMIN, Roles.EDITOR].includes(userCredentials.role) || parseInt(request.params.id) === userCredentials.id
+    );
   }
 }