changed

HITK-TECH-Community · May 26, 2024 · 684caf7 · 684caf7
1 parent 7298183
commit 684caf7
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 2 deletions.
diff --git a/backend/app/routes/contactUs/get.js b/backend/app/routes/contactUs/get.js
@@ -4,6 +4,10 @@ const { ErrorHandler } = require('../../../helpers/error');
 const constants = require('../../../constants');
 
 module.exports = async (req, res, next) => {
+  const payload = res.locals.decode;
+  if (!payload.isSuperAdmin) {
+    return res.status(401).json({ error: 'You are not authorized to perform this action' });
+  }
   const [err, response] = await to(contactUs.find());
   if (err) {
     const error = new ErrorHandler(constants.ERRORS.DATABASE, {

diff --git a/backend/app/routes/contactUs/index.js b/backend/app/routes/contactUs/index.js
@@ -6,8 +6,8 @@ const getContact = require('./get');
 const deleteContactUs = require('./delete');
 const { authMiddleware } = require('../../../helpers/middlewares/auth');
 
-router.get('/getcontactus', getContact);
+router.get('/getcontactus', authMiddleware, getContact);
 router.post('/', validation(contactValidationSchema), postContact);
-router.delete("/deleteContactUs",authMiddleware, deleteContactUs);
+router.delete('/deleteContactUs', authMiddleware, deleteContactUs);
 
 module.exports = router;