backend: enhance room member access authorization to allow users to access their own member info

juancarmore 2026-01-12 10:23:39 +01:00
parent 4390573021
commit 1d2ebd8be3


@ -15,7 +15,8 @@ import { allowAnonymous, AuthValidator, tokenAndRoleValidator, withAuth } from '
/**
* Middleware to authorize access to specific room member information.
*
* - If the user is a registered user, checks if they have management permissions (admin or owner).
* - If the user is a registered user, checks if they have management permissions (admin or owner),
* or if they are accessing their own member info.
* - If the user is authenticated via room member token, checks if they are accessing their own info.
*/
export const authorizeRoomMemberAccess = async (req: Request, res: Response, next: NextFunction) => {
@ -43,6 +44,11 @@ export const authorizeRoomMemberAccess = async (req: Request, res: Response, nex
if (isOwner) {
return next();
}
if (user.userId === memberId) {
// If the user is trying to access their own member info, allow it
return next();
}
}
// Scenario 2: Room Member Token
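Review bot: The new self-access branch, `if (user.userId === memberId) { return next(); }`, authorizes on an identifier match alone and never confirms that the authenticated user is a member of the room named in the request. Whether a non-member gets a clean not-found rather than some other response depends on the handler, which is not visible here. The comparison also assumes the `memberId` route parameter shares an identifier space with registered `userId` values; if members who are not registered users get their IDs from a different source, it is worth guaranteeing that those can never equal a user ID. Consider resolving the member record for this room before calling `next()` (the file already obtains `RoomMemberService` in `authorizeRoomMemberTokenGeneration`), and state the assumption in the comment, e.g. `// Self-access: memberId equals userId only for registered members of this room`. The function body starts and ends outside this hunk, so the admin/owner checks above it were not reviewed.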
@ -93,7 +99,7 @@ export const authorizeRoomMemberTokenGeneration = async (req: Request, res: Resp
const requestSessionService = container.get(RequestSessionService);
const roomService = container.get(RoomService);
const roomMemberService = container.get(RoomMemberService);
const user = requestSessionService.getAuthenticatedUser();
const forbiddenError = errorInsufficientPermissions();