Sửa chữa giao diện, lỗi privacy

2026-06-11 09:02:54 +07:00
parent edd91d4d64
commit be149f26ca
9 changed files with 236 additions and 64 deletions
+3 -3
@@ -34,7 +34,7 @@ router.post('/create', protect, async (req, res) => {
const { parent_scene_id, target_scene_id, title, description, coordinates } = req.body;
const parentScene = await Scene.findById(parent_scene_id);
if (!parentScene || parentScene.createdBy.toString() !== req.user._id.toString()) {
if (!parentScene || (parentScene.createdBy.toString() !== req.user._id.toString() && req.user.role !== 'admin')) {
return res.status(403).json({ message: 'Không có quyền tạo hotspot cho scene này' });
}
@@ -102,7 +102,7 @@ router.put('/update/:id', protect, async (req, res) => {
if (!hotspot) return res.status(404).json({ message: 'Hotspot không tồn tại' });
const parentScene = await Scene.findById(hotspot.parent_scene_id);
if (parentScene.createdBy.toString() !== req.user._id.toString()) {
if (parentScene.createdBy.toString() !== req.user._id.toString() && req.user.role !== 'admin') {
return res.status(403).json({ message: 'Không có quyền cập nhật' });
}
@@ -141,7 +141,7 @@ router.delete('/delete/:id', protect, async (req, res) => {
if (!hotspot) return res.status(404).json({ message: 'Hotspot không tồn tại' });
const parentScene = await Scene.findById(hotspot.parent_scene_id);
if (parentScene.createdBy.toString() !== req.user._id.toString()) {
if (parentScene.createdBy.toString() !== req.user._id.toString() && req.user.role !== 'admin') {
return res.status(403).json({ message: 'Không có quyền xóa' });
}
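Review bot: In the update and delete hunks (`router.put('/update/:id')` and `router.delete('/delete/:id')`) `parentScene` is dereferenced without a null check, so a hotspot whose parent scene no longer exists makes `parentScene.createdBy` throw instead of producing a clean denial; the create hunk already guards this case. Use the same shape in both places: `if (!parentScene || (parentScene.createdBy.toString() !== req.user._id.toString() && req.user.role !== 'admin')) {`. The owner-or-admin expression now appears three times in this file, so a small shared helper would keep the authorization rule from drifting between routes. All three handlers begin and end outside the visible hunks, so any surrounding try/catch is not shown.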
+1 -1
@@ -216,7 +216,7 @@ router.put('/:id', protect, uploadSinglePanorama, async (req, res) => {
const { title, description, privacy, sharedWithUsers, sharedEmails, shareExpireDays, lat, lng } = req.body;
const scene = await Scene.findById(req.params.id);
if (!scene || scene.createdBy.toString() !== req.user._id.toString()) {
if (!scene || (scene.createdBy.toString() !== req.user._id.toString() && req.user.role !== 'admin')) {
return res.status(403).json({ message: 'Not authorized' });
}
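Review bot: The new `req.user.role !== 'admin'` clause lets a non-owner pass the ownership check on a route that reads `privacy`, `sharedWithUsers` and `sharedEmails` from the body, so its safety rests entirely on where `protect` gets `role`, which is not visible here. If `protect` copies the role from a token claim rather than from the stored user record, a demoted account presumably keeps this override until its token expires; this is worth confirming and noting above the check, e.g. `// admin override: role must come from the user record loaded by protect, not from a token claim`. It would also help to log when an admin who is not the owner changes a scene's sharing settings, so that such edits can be told apart from the owner's. The handler continues outside the hunk.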