From c6697f4552bba0566c4b932e497ac693b5445d1e Mon Sep 17 00:00:00 2001
From: Aydan Pirani
Date: Tue, 21 May 2024 23:05:30 -0700
Subject: [PATCH 1/2] Added staff-level role
---
src/middleware/role-checker.ts | 4 ++--
src/services/auth/auth-models.ts | 2 +-
src/services/s3/s3-router.ts | 2 +-
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/middleware/role-checker.ts b/src/middleware/role-checker.ts
index 9f7b8b7..ee27cfc 100644
--- a/src/middleware/role-checker.ts
+++ b/src/middleware/role-checker.ts
@@ -40,8 +40,8 @@ export default function RoleChecker(
 return next();
 }
- // Admins (staff) can access any endpoint
- if (userRoles.includes(Role.Enum.ADMIN)) {
+ // Admins and staff can access any endpoint
+ if (userRoles.includes(Role.Enum.ADMIN) || userRoles.includes(Role.Enum.STAFF)) {
 return next();
 }
diff --git a/src/services/auth/auth-models.ts b/src/services/auth/auth-models.ts
index 2dbed28..07cfb61 100644
--- a/src/services/auth/auth-models.ts
+++ b/src/services/auth/auth-models.ts
@@ -1,6 +1,6 @@
 import { z } from "zod";
-export const Role = z.enum(["USER", "ADMIN", "CORPORATE"]);
+export const Role = z.enum(["USER", "STAFF", "ADMIN", "CORPORATE"]);
 export const JwtPayloadValidator = z.object({
 userId: z.string(),
diff --git a/src/services/s3/s3-router.ts b/src/services/s3/s3-router.ts
index 8682ad1..cc417e3 100644
--- a/src/services/s3/s3-router.ts
+++ b/src/services/s3/s3-router.ts
@@ -63,7 +63,7 @@ s3Router.get(
 s3Router.get(
 "/download/:USERID",
- RoleChecker([Role.enum.ADMIN], false),
+ RoleChecker([Role.enum.STAFF], false),
 s3ClientMiddleware,
 async (req: Request, res: Response) => {
 const userId: string = req.params.USERID;
From 2b1db996ee285061745817c0a36c85117c468c02 Mon Sep 17 00:00:00 2001
From: Aydan Pirani
Date: Tue, 21 May 2024 23:06:35 -0700
Subject: [PATCH 2/2] Fixed linter
---
src/middleware/role-checker.ts | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
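Review bot: The added `|| userRoles.includes(Role.Enum.STAFF)` clause in role-checker.ts puts STAFF in the same unconditional bypass as ADMIN, so every route guarded by RoleChecker, including ones declared with only `Role.enum.ADMIN`, now admits staff tokens and the new role is no narrower than admin. If staff is meant to be a lower tier, keep the bypass as `if (userRoles.includes(Role.Enum.ADMIN)) {` and list `Role.enum.STAFF` explicitly on the routes staff should reach, as the s3-router.ts hunk already does. The same condition is only re-wrapped in PATCH 2/2, so the point applies there too. RoleChecker's body starts and ends outside the hunk, so how the per-route role list is matched after this check is not visible here.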
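Review bot: Replacing `Role.enum.ADMIN` with `Role.enum.STAFF` on `/download/:USERID` in s3-router.ts leaves admin access to this route resting entirely on the global bypass inside RoleChecker, which the route declaration itself does not show. Listing both roles, `RoleChecker([Role.enum.STAFF, Role.enum.ADMIN], false),`, keeps the route's policy readable on its own and still correct if the bypass is later narrowed. The route appears to serve a file belonging to the user named in the path parameter rather than the caller, so a comment such as `// Staff and admins may download any user's file; record the caller's userId with each access` would state the intended exposure. The handler body continues outside the hunk, so whether `req.params.USERID` is validated before it is used is not visible here.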
diff --git a/src/middleware/role-checker.ts b/src/middleware/role-checker.ts
index ee27cfc..cdd58ab 100644
--- a/src/middleware/role-checker.ts
+++ b/src/middleware/role-checker.ts
@@ -41,7 +41,10 @@ export default function RoleChecker(
 }
 // Admins and staff can access any endpoint
- if (userRoles.includes(Role.Enum.ADMIN) || userRoles.includes(Role.Enum.STAFF)) {
+ if (
+ userRoles.includes(Role.Enum.ADMIN) ||
+ userRoles.includes(Role.Enum.STAFF)
+ ) {
 return next();
 }