From e118501bf1dfa8dada2c57090e62631de620f3dd Mon Sep 17 00:00:00 2001 From: sct Date: Mon, 15 Feb 2021 01:57:20 +0000 Subject: [PATCH] fix(requests): correctly filter requests out for users without view requests permission --- server/routes/request.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/server/routes/request.ts b/server/routes/request.ts index f81f3b285..6c362d91f 100644 --- a/server/routes/request.ts +++ b/server/routes/request.ts @@ -89,7 +89,7 @@ requestRoutes.get('/', async (req, res, next) => { requestStatus: statusFilter, }) .andWhere( - '(request.is4k = false AND media.status IN (:...mediaStatus)) OR (request.is4k = true AND media.status4k IN (:...mediaStatus))', + '((request.is4k = 0 AND media.status IN (:...mediaStatus)) OR (request.is4k = 1 AND media.status4k IN (:...mediaStatus)))', { mediaStatus: mediaStatusFilter, } @@ -101,7 +101,7 @@ requestRoutes.get('/', async (req, res, next) => { { type: 'or' } ) ) { - query = query.andWhere('request.requestedBy.id = :id', { + query = query.andWhere('requestedBy.id = :id', { id: req.user?.id, }); }