diff --git a/next/api/src/controller/group.ts b/next/api/src/controller/group.ts
index 576c9316c..60251b63c 100644
--- a/next/api/src/controller/group.ts
+++ b/next/api/src/controller/group.ts
@@ -87,7 +87,7 @@ export class GroupController {
 }
 @Get(':id')
- async findOne(@Param('id', new FindModelPipe(Group)) group: Group) {
+ async findOne(@Param('id', new FindModelPipe(Group, { useMasterKey: true })) group: Group) {
 const role = await this.findGroupRole(group, { useMasterKey: true });
 const users = await role.getUsers().query().find({ useMasterKey: true });
 const userIds = users.map((u) => u.id!);
diff --git a/next/api/src/controller/ticket.ts b/next/api/src/controller/ticket.ts
index 67dcd84e3..803cedc2b 100644
--- a/next/api/src/controller/ticket.ts
+++ b/next/api/src/controller/ticket.ts
@@ -14,7 +14,7 @@ import {
 UseMiddlewares,
 } from '@/common/http';
 import { ZodValidationPipe } from '@/common/pipe';
-import { customerServiceOnly } from '@/middleware';
+import { customerServiceOnly, staffOnly } from '@/middleware';
 import { UpdateData } from '@/orm';
 import router from '@/router/ticket';
 import { Ticket } from '@/model/Ticket';
@@ -27,7 +27,7 @@ const createAssociatedTicketSchema = z.object({
 @Controller({ router, path: 'tickets' })
 export class TicketController {
 @Get(':id/associated-tickets')
- @UseMiddlewares(customerServiceOnly)
+ @UseMiddlewares(staffOnly)
 @ResponseBody(TicketListItemResponse)
 getAssociatedTickets(@Ctx() ctx: Context) {
 const ticket = ctx.state.ticket as Ticket;
diff --git a/next/api/src/controller/user.ts b/next/api/src/controller/user.ts
index 2d2b2b50f..8d0c17e5c 100644
--- a/next/api/src/controller/user.ts
+++ b/next/api/src/controller/user.ts
@@ -110,7 +110,7 @@ export class UserController {
 @Get(':id')
 @UseMiddlewares(auth, staffOnly)
 @ResponseBody(UserResponse)
- findOne(@Param('id', new FindModelPipe(User)) user: User) {
+ findOne(@Param('id', new FindModelPipe(User, {useMasterKey: true})) user: User) {
 return user;
 }
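Review bot: In `next/api/src/controller/group.ts`, `findOne` on `@Get(':id')` now loads the Group with `{ useMasterKey: true }`, and no `@UseMiddlewares(...)` decorator is visible on the method in this hunk, so the object's ACL no longer limits who can read a group and the member ids gathered below it. If the class or router does not already apply an authentication and role check (not visible here), add one on this route, for example the `@UseMiddlewares(auth, staffOnly)` that `UserController.findOne` carries, assuming both names can be imported in this file. A comment such as `// master key: the Group ACL is bypassed here; access is enforced by <middleware name>` would tie the bypass to the check that replaces it. The method body continues past the end of the hunk.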
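Review bot: In `next/api/src/controller/ticket.ts`, replacing `customerServiceOnly` with `staffOnly` on `GET :id/associated-tickets` presumably widens the set of roles that can list associated tickets, and nothing visible in `getAssociatedTickets` checks that the caller may see each associated ticket. The handler takes `ctx.state.ticket` as loaded upstream, so any per-ticket authorization covers the parent ticket only, as far as this hunk shows. Either filter the associated list by the caller's visibility or record the decision next to the decorator, e.g. `// staffOnly: any staff role that can open this ticket may list its associated tickets`. The import still keeps `customerServiceOnly`, so other routes in this controller likely remain restricted; the rest of the method is outside the hunk.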
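Review bot: In `next/api/src/controller/user.ts`, the options literal is written `{useMasterKey: true}` without inner spaces, while the same change in `group.ts` uses `{ useMasterKey: true }`; use `new FindModelPipe(User, { useMasterKey: true })` to match the surrounding formatting. Because the User is now read with the master key, the object returned by `findOne` can carry fields the ACL would otherwise hide, so `UserResponse` should be confirmed to serialize an explicit allow-list of fields rather than the whole object. Its definition is outside this diff. A short comment on the pipe stating why staff need the master-key read would help the next reviewer.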