corebasic 1.0.152 → 1.0.153

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/libs/session.js +7 -2
  2. package/package.json +1 -1
package/libs/session.js CHANGED
@@ -27,7 +27,12 @@ export const start = (expressApp, allowedUrls) => {
27
27
  if (urlsAllowed.includes(req.path))
28
28
  return next()
29
29
 
30
- const checkPrivilege = async req => (await Features.send({company: req.body.company, outlet: req.body.outlet}, "privileges.query.check", {feature: req.body.feature }, {id: req.body.staff})).data.granted
30
+ const checkPrivilege = async req => {
31
+ const granted = (await Features.send({company: req.body.company, outlet: req.body.outlet}, "privileges.query.check", {feature: req.body.feature }, {id: req.body.staff})).data.granted
32
+ if (!granted)
33
+ throw {message: "Access Denied"}
34
+ return granted
35
+ }
31
36
 
32
37
  try {
33
38
  const token = req.header('JWT'); // 'Authorization' for Spring Boot, 'x-access-token' for Node.js Express back-end
@@ -38,7 +43,7 @@ export const start = (expressApp, allowedUrls) => {
38
43
  return next()
39
44
  throw null;
40
45
  } catch (error) {
41
- return res.status(401).json({ message: 'Unauthorized' })
46
+ return res.status(401).json({ message: error?.message === "Access Denied" ? error.message : 'Unauthorized' })
42
47
  }
43
48
  })
44
49
 
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "corebasic",
3
3
  "type": "module",
4
- "version": "1.0.152",
4
+ "version": "1.0.153",
5
5
  "description": "",
6
6
  "main": "index.js",
7
7
  "scripts": {