From 504e1352f6fd70534ff14f18acb00cdcf027b013 Mon Sep 17 00:00:00 2001
From: Guillaume Dorce <polynux.dev@gmail.com>
Date: Fri, 14 Oct 2022 16:46:30 +0200
Subject: [PATCH] fix permission for edit

---
 src/controller/PostController.ts | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/controller/PostController.ts b/src/controller/PostController.ts
index 3478842..ec39672 100644
--- a/src/controller/PostController.ts
+++ b/src/controller/PostController.ts
@@ -52,7 +52,11 @@ const editPost = async (post: Post): Promise<PrismaPost | null | Error> => {
   if (originalPost === null) {
     return null;
   }
-  if (originalPost.authorId !== post.authorId) {
+  const user = await getUserById(post.authorId);
+  if (!user) {
+    return new Error('User not found');
+  }
+  if (originalPost.authorId !== post.authorId && user.role === 'USER') {
     return new Error('User is not the author of this post');
   }
   const editedPost = await prisma.post.update({