@@ -72,7 +72,8 @@ func (r *mutationResolver) UpdateUser(ctx context.Context, id string, input mode
7272 if ! ok {
7373 return nil , errors .New ("unable to retrieve user claims, most likely forgot to set @hasRole directive" )
7474 }
75- if claims .Role != models .RoleAdmin && claims .Id != id {
75+
76+ if claims .Role != models .RoleAdmin && claims .UserID != id {
7677 return nil , errors .New ("unauthorized to update user that is not you" )
7778 }
7879
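Review bot: The self-or-admin ownership check `claims.Role != models.RoleAdmin && claims.UserID != id` is repeated verbatim in four resolvers (UpdateUser here, plus DeleteUser, AddAPIKey and DeleteAPIKey in the later hunks), so this field rename had to be applied in four places and a future change to the rule could miss one. Moving it into a single helper, called as e.g. `if err := requireSelfOrAdmin(claims, id); err != nil { return nil, err }`, would keep the authorization decision in one place. Since this check is what stops one user from acting on another user's account, a table-driven test covering admin, owner and other-user callers would pin the behaviour; no test change is visible in this diff. UpdateUser begins before the hunk and continues after it.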
@@ -85,7 +86,7 @@ func (r *mutationResolver) DeleteUser(ctx context.Context, id string) (bool, err
8586 if ! ok {
8687 return false , errors .New ("unable to retrieve user claims, most likely forgot to set @hasRole directive" )
8788 }
88- if claims .Role != models .RoleAdmin && claims .Id != id {
89+ if claims .Role != models .RoleAdmin && claims .UserID != id {
8990 return false , errors .New ("unauthorized to update user that is not you" )
9091 }
9192 return r .Repository .DeleteUser (ctx , id )
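Review bot: The denial message in DeleteUser, `"unauthorized to update user that is not you"`, is copied from UpdateUser and names the wrong operation; `errors.New("unauthorized to delete user that is not you")` would match what was refused. DeleteAPIKey in the last hunk has the same copy-paste, returning `"unauthorized to add an api key"` for a delete. If these strings reach logs or client-visible errors, the mismatch makes an access-denied event harder to attribute to the right mutation. DeleteUser begins and ends outside the hunk.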
@@ -97,7 +98,7 @@ func (r *mutationResolver) AddAPIKey(ctx context.Context, userID string) (*model
9798 if ! ok {
9899 return nil , errors .New ("unable to retrieve user claims, most likely forgot to set @hasRole directive" )
99100 }
100- if claims .Role != models .RoleAdmin && claims .Id != userID {
101+ if claims .Role != models .RoleAdmin && claims .UserID != userID {
101102 return nil , errors .New ("unauthorized to add an api key" )
102103 }
103104 return r .Repository .AddAPIKey (ctx , userID , GenerateAPIKey (100 ))
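Review bot: The missing-claims branch returns `"unable to retrieve user claims, most likely forgot to set @hasRole directive"`, a developer hint about schema wiring, and the same string appears in all four hunks. Whether resolver errors are passed through to API clients is not visible here, but if they are, this exposes an internal detail to a caller who has no claims at all. Consider logging the hint server-side and returning a generic error such as `errors.New("unauthenticated")`. Failing closed when `ok` is false is the right behaviour and should stay. AddAPIKey begins and ends outside the hunk.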
@@ -109,7 +110,7 @@ func (r *mutationResolver) DeleteAPIKey(ctx context.Context, userID string) (boo
109110 if ! ok {
110111 return false , errors .New ("unable to retrieve user claims, most likely forgot to set @hasRole directive" )
111112 }
112- if claims .Role != models .RoleAdmin && claims .Id != userID {
113+ if claims .Role != models .RoleAdmin && claims .UserID != userID {
113114 return false , errors .New ("unauthorized to add an api key" )
114115 }
115116 err := r .Repository .DeleteAPIKey (ctx , userID )