UniqueSoft/cash-report-system
2
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

feat: latest updates

Browse Source
This commit is contained in:
Angie 2025-08-01 06:34:56 +02:00
parent 8e3d2ac02b
commit 1a6eaa5a0e
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
backend/routes/reports.js
View File

@ -177,10 +177,24 @@ router.put(
db.get("SELECT * FROM reports WHERE id = ?", [reportId], (err, report) => {
if (err || !report)
return res.status(404).json({ error: "Report not found" });
// Not admin & not owner
if (req.user.role !== "admin" && report.userId !== req.user.userId) {
return res.status(403).json({ error: "Forbidden" });
}
// Not admin & trying to edit a verified report
if (
req.user.role !== "admin" &&
(report.isVerified === 1 ||
report.isVerified === true ||
report.verified === 1 ||
report.verified === true)
) {
return res
.status(403)
.json({ error: "Запрещено редактировать подтвержденный отчет" });
}
const fields = [];
const values = [];
for (const key of [