From 6742bf724f25c4a0a499cf44f6be4c8e07d2fdd8 Mon Sep 17 00:00:00 2001
From: stringsplit <77242831+nbitzz@users.noreply.github.com>
Date: Mon, 2 Oct 2023 19:18:29 -0700
Subject: [PATCH] token-permissions: update fileApiRoutes

---
 src/server/routes/fileApiRoutes.ts | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/server/routes/fileApiRoutes.ts b/src/server/routes/fileApiRoutes.ts
index 8953a84..f64d141 100644
--- a/src/server/routes/fileApiRoutes.ts
+++ b/src/server/routes/fileApiRoutes.ts
@@ -7,7 +7,7 @@ import {writeFile} from "fs";
 
 import ServeError from "../lib/errors";
 import Files from "../lib/files";
-import { getAccount, requiresAccount } from "../lib/middleware";
+import { getAccount, requiresAccount, requiresPermissions } from "../lib/middleware";
 
 let parser = bodyParser.json({
     type: ["text/plain","application/json"]
@@ -24,7 +24,7 @@ let config = require(`${process.cwd()}/config.json`)
 
 fileApiRoutes.use(getAccount);
 
-fileApiRoutes.get("/list", requiresAccount, (req,res) => {
+fileApiRoutes.get("/list", requiresAccount, requiresPermissions("user"), (req,res) => {
 
     let acc = res.locals.acc as Accounts.Account
     
@@ -44,7 +44,7 @@ fileApiRoutes.get("/list", requiresAccount, (req,res) => {
 
 })
 
-fileApiRoutes.post("/manage", parser, (req,res) => {
+fileApiRoutes.post("/manage", parser, requiresPermissions("manage"), (req,res) => {
 
     let acc = res.locals.acc as Accounts.Account