From 1d2ebd8be3f9913d3d0ca6810b1a5b2e51d74aef Mon Sep 17 00:00:00 2001
From: juancarmore
Date: Mon, 12 Jan 2026 10:23:39 +0100
Subject: [PATCH] backend: enhance room member access authorization to allow users to access their own member info

---
 .../backend/src/middlewares/room-member.middleware.ts | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/meet-ce/backend/src/middlewares/room-member.middleware.ts b/meet-ce/backend/src/middlewares/room-member.middleware.ts
index 8df16576..7fa64f0d 100644
--- a/meet-ce/backend/src/middlewares/room-member.middleware.ts
+++ b/meet-ce/backend/src/middlewares/room-member.middleware.ts
@@ -15,7 +15,8 @@ import { allowAnonymous, AuthValidator, tokenAndRoleValidator, withAuth } from '
 /**
 * Middleware to authorize access to specific room member information.
 *
- * - If the user is a registered user, checks if they have management permissions (admin or owner).
+ * - If the user is a registered user, checks if they have management permissions (admin or owner),
+ * or if they are accessing their own member info.
 * - If the user is authenticated via room member token, checks if they are accessing their own info.
 */
 export const authorizeRoomMemberAccess = async (req: Request, res: Response, next: NextFunction) => {
@@ -43,6 +44,11 @@ export const authorizeRoomMemberAccess = async (req: Request, res: Response, nex
 if (isOwner) {
 return next();
 }
+
+ if (user.userId === memberId) {
+ // If the user is trying to access their own member info, allow it
+ return next();
+ }
 }
 
 // Scenario 2: Room Member Token
@@ -93,7 +99,7 @@ export const authorizeRoomMemberTokenGeneration = async (req: Request, res: Resp
 const requestSessionService = container.get(RequestSessionService);
 const roomService = container.get(RoomService);
 const roomMemberService = container.get(RoomMemberService);
-
+
 const user = requestSessionService.getAuthenticatedUser();
 const forbiddenError = errorInsufficientPermissions();
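Review bot: In the second hunk (`@@ -43,6 +44,11 @@`), the new self-access branch `if (user.userId === memberId)` passes on an identifier match alone, without checking that the request is a read. If `authorizeRoomMemberAccess` also guards update or delete routes (the route wiring is not part of this patch), a registered member could reach handlers that change their own role or permissions. Consider scoping the branch, for example `if (req.method === 'GET' && user.userId === memberId)`, or separating read and write authorization. The branch also assumes that a registered user's member id always equals their user id and cannot be chosen by the client; the comment should say so, e.g. `// Self-access: member ids of registered users equal their userId`. The function body starts and ends outside the hunk, so where `memberId` is read from is not visible here.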