fix(published): if inactive, check user for authz

opengovsg · Nov 29, 2023 · 3ec84ac · 3ec84ac
1 parent 6e7b27b
commit 3ec84ac
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 2 deletions.
diff --git a/src/server/checker/CheckerController.ts b/src/server/checker/CheckerController.ts
@@ -119,10 +119,22 @@ export class CheckerController {
     res
   ) => {
     const { id } = req.params
+    const { user } = req.session
     try {
       const checker = await this.service.retrievePublished(id)
-      if (!checker || !checker.isActive) {
+      if (!checker) {
         res.status(404).json({ message: 'Not Found' })
+      } else if (!checker.isActive) {
+        if (!user) {
+          res.status(404).json({ message: 'Not Found' })
+        } else {
+          try {
+            await this.service.findAndCheckAuth(id, user)
+            res.json(checker)
+          } catch {
+            res.status(404).json({ message: 'Not Found' })
+          }
+        }
       } else {
         res.json(checker)
       }

diff --git a/src/server/checker/CheckerService.ts b/src/server/checker/CheckerService.ts
@@ -201,7 +201,7 @@ export class CheckerService {
       }
     }
 
-  private findAndCheckAuth: (
+  findAndCheckAuth: (
     id: string,
     user: User,
     transactionOptions?: { transaction?: Transaction }

diff --git a/src/server/checker/__test__/CheckerController.spec.ts b/src/server/checker/__test__/CheckerController.spec.ts
@@ -33,6 +33,7 @@ describe('CheckerController', () => {
     listCollaborators: jest.fn(),
     addCollaborator: jest.fn(),
     deleteCollaborator: jest.fn(),
+    findAndCheckAuth: jest.fn(),
   }
   const controller = new CheckerController({ service })