From 75d713240990d2778c69f2c3c0386c612c0edca8 Mon Sep 17 00:00:00 2001
From: Stuart Long Chay Boon <chayboon@gmail.com>
Date: Thu, 17 Nov 2022 18:15:07 +0800
Subject: [PATCH] [offers][fix] add check if admin for list endpoint

---
 .../server/router/offers/offers-admin-router.ts    | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/apps/portal/src/server/router/offers/offers-admin-router.ts b/apps/portal/src/server/router/offers/offers-admin-router.ts
index cd923d07..62d57ea4 100644
--- a/apps/portal/src/server/router/offers/offers-admin-router.ts
+++ b/apps/portal/src/server/router/offers/offers-admin-router.ts
@@ -64,6 +64,20 @@ export const offerAdminRouter = createProtectedRouter().query('list', {
     yoeMin: z.number().min(0).nullish(),
   }),
   async resolve({ ctx, input }) {
+    const userId = ctx.session.user.id;
+    const adminAccount = await ctx.prisma.offersAdmin.findFirst({
+      where: {
+        userId
+      }
+    })
+
+    if (!adminAccount) {
+      throw new TRPCError({
+        code: 'UNAUTHORIZED',
+        message: 'Not an admin.',
+      });
+    }
+
     const yoeRange = getYoeRange(input.yoeCategory);
     const yoeMin = input.yoeMin != null ? input.yoeMin : yoeRange?.minYoe;
     const yoeMax = input.yoeMax != null ? input.yoeMax : yoeRange?.maxYoe;