UniqAI/hexabot
1
0
Fork 0
mirror of https://github.com/hexastack/hexabot synced 2025-06-26 18:27:28 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix: access to own user avatar

Browse Source
This commit is contained in:
Mohamed Marrouchi 2025-01-06 13:27:37 +01:00
parent d1e9214128
commit 586337496f
1 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
api/src/user/guards/ability.guard.ts
View File

@ -1,5 +1,5 @@
/* /*
* Copyright © 2024 Hexastack. All rights reserved. * Copyright © 2025 Hexastack. All rights reserved.
* *
* Licensed under the GNU Affero General Public License v3.0 (AGPLv3) with the following additional terms: * Licensed under the GNU Affero General Public License v3.0 (AGPLv3) with the following additional terms:
* 1. The name "Hexabot" is a trademark of Hexastack. You may not use this name in derivative works without express written permission. * 1. The name "Hexabot" is a trademark of Hexastack. You may not use this name in derivative works without express written permission.
@ -53,9 +53,16 @@ export class Ability implements CanActivate {
if (user?.roles?.length) { if (user?.roles?.length) {
if ( if (
['/auth/logout', '/logout', '/auth/me', '/channel', '/i18n'].includes( [
_parsedUrl.pathname, // Allow access to all routes available for authenticated users
) '/auth/logout',
'/logout',
'/auth/me',
'/channel',
'/i18n',
// Allow access to own avatar
`/user/${user.id}/profile_pic`,
].includes(_parsedUrl.pathname)
) { ) {
return true; return true;
} }