backend: Correct permissions reference in recording middleware for retrieval and deletion. Reorder recording routes definition for clarity

2025-05-11 14:02:25 +02:00 · 2025-05-11 14:02:25 +02:00 · 8b2d0dd34c
commit 8b2d0dd34c
parent 0b00153349
2 changed files with 16 additions and 17 deletions
--- a/backend/src/middlewares/recording.middleware.ts
+++ b/backend/src/middlewares/recording.middleware.ts
@ -73,7 +73,7 @@ export const withCanRetrieveRecordingsPermission = async (req: Request, res: Res

 	const sameRoom = roomId ? payload.video?.room === roomId : true;
 	const metadata = JSON.parse(payload.metadata || '{}');
-	const permissions = metadata.permissions as RecordingPermissions | undefined;
+	const permissions = metadata.recordingPermissions as RecordingPermissions | undefined;
 	const canRetrieveRecordings = permissions?.canRetrieveRecordings;

 	if (!sameRoom || !canRetrieveRecordings) {
@ -96,7 +96,7 @@ export const withCanDeleteRecordingsPermission = async (req: Request, res: Respo

 	const sameRoom = payload.video?.room === roomId;
 	const metadata = JSON.parse(payload.metadata || '{}');
-	const permissions = metadata.permissions as RecordingPermissions | undefined;
+	const permissions = metadata.recordingPermissions as RecordingPermissions | undefined;
 	const canDeleteRecordings = permissions?.canDeleteRecordings;

 	if (!sameRoom || !canDeleteRecordings) {
--- a/backend/src/routes/recording.routes.ts
+++ b/backend/src/routes/recording.routes.ts
@ -25,20 +25,6 @@ recordingRouter.use(bodyParser.urlencoded({ extended: true }));
 recordingRouter.use(bodyParser.json());

 // Recording Routes
-recordingRouter.delete(
-	'/:recordingId',
-	withAuth(apiKeyValidator, tokenAndRoleValidator(UserRole.ADMIN), recordingTokenValidator),
-	withValidRecordingId,
-	withCanDeleteRecordingsPermission,
-	recordingCtrl.deleteRecording
-);
-recordingRouter.get(
-	'/:recordingId',
-	withAuth(apiKeyValidator, tokenAndRoleValidator(UserRole.ADMIN), recordingTokenValidator),
-	withValidRecordingId,
-	withCanRetrieveRecordingsPermission,
-	recordingCtrl.getRecording
-);
 recordingRouter.get(
 	'/',
 	withAuth(apiKeyValidator, tokenAndRoleValidator(UserRole.ADMIN), recordingTokenValidator),
@ -52,6 +38,20 @@ recordingRouter.delete(
 	withValidRecordingBulkDeleteRequest,
 	recordingCtrl.bulkDeleteRecordings
 );
+recordingRouter.get(
+	'/:recordingId',
+	withAuth(apiKeyValidator, tokenAndRoleValidator(UserRole.ADMIN), recordingTokenValidator),
+	withValidRecordingId,
+	withCanRetrieveRecordingsPermission,
+	recordingCtrl.getRecording
+);
+recordingRouter.delete(
+	'/:recordingId',
+	withAuth(apiKeyValidator, tokenAndRoleValidator(UserRole.ADMIN), recordingTokenValidator),
+	withValidRecordingId,
+	withCanDeleteRecordingsPermission,
+	recordingCtrl.deleteRecording
+);
 recordingRouter.get(
 	'/:recordingId/media',
 	withValidGetMediaRequest,
@ -73,7 +73,6 @@ internalRecordingRouter.post(
 	withCanRecordPermission,
 	recordingCtrl.startRecording
 );
-
 internalRecordingRouter.post(
 	'/:recordingId/stop',
 	withValidRecordingId,