epodol
diff --git a/‎firestore.rules‎
Lines changed: 2 additions & 1 deletion b/‎firestore.rules‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎functions/package-lock.json‎
Lines changed: 8 additions & 8 deletions b/‎functions/package-lock.json‎
Lines changed: 8 additions & 8 deletions
diff --git a/‎functions/package.json‎
Lines changed: 1 addition & 1 deletion b/‎functions/package.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎functions/src/checkouts/checkinBook.ts‎
Lines changed: 1 addition & 1 deletion b/‎functions/src/checkouts/checkinBook.ts‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎functions/src/checkouts/checkoutBook.ts‎
Lines changed: 1 addition & 1 deletion b/‎functions/src/checkouts/checkoutBook.ts‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎functions/src/users/approveUser.ts‎
Lines changed: 3 additions & 8 deletions b/‎functions/src/users/approveUser.ts‎
Lines changed: 3 additions & 8 deletions
@@ -37,7 +37,8 @@ service cloud.firestore {
   }
 
       match /libraries/{library}/checkouts/{checkout} {
-        allow get, list: if library in request.auth.token.librariesJoined && (library in request.auth.token.permissions.CHECK_OUT || library in request.auth.token.permissions.MANAGE_CHECKOUTS || library in request.auth.token.librariesOwned);
+        allow get: if library in request.auth.token.librariesJoined && request.auth.uid == resource.data.userID;
+        allow list: if library in request.auth.token.librariesJoined && (library in request.auth.token.permissions.CHECK_OUT || library in request.auth.token.permissions.MANAGE_CHECKOUTS || library in request.auth.token.librariesOwned);
         allow update: if library in request.auth.token.librariesJoined && (library in request.auth.token.permissions.MANAGE_CHECKOUTS || library in request.auth.token.librariesOwned);
         allow create, delete: if false;
       }
 
@@ -23,7 +23,7 @@
     "node-fetch": "^3.2.10"
   },
   "devDependencies": {
-    "firebase-functions-test": "^2.2.0",
+    "firebase-functions-test": "^2.3.0",
     "jest": "^28.1.3"
   },
   "private": true
 
@@ -31,7 +31,7 @@ const checkinBook = functions
     }
 
     if (
-      !context.auth.token.permissions.CHECK_IN.includes(data.libraryID) &&
+      !context.auth.token.permissions?.CHECK_IN?.includes(data.libraryID) &&
       !context.auth.token.librariesOwned.includes(data.libraryID)
     ) {
       throw new functions.https.HttpsError(
 
@@ -33,7 +33,7 @@ const checkoutBook = functions
     }
 
     if (
-      !context.auth.token.permissions.CHECK_OUT.includes(data.libraryID) &&
+      !context.auth.token?.permissions?.CHECK_OUT?.includes(data.libraryID) &&
       !context.auth.token.librariesOwned.includes(data.libraryID)
     ) {
       throw new functions.https.HttpsError(
 
@@ -41,8 +41,6 @@ const approveUser = functions
       );
     }
 
-    console.log(data, typeof data.expiration);
-
     // Type Verification
     if (
       typeof data.firstName !== 'string' ||
@@ -116,12 +114,9 @@ const approveUser = functions
         const userClaims = user.customClaims;
 
         const newLibrariesJoined = [];
-        if (userClaims && Array.isArray(userClaims?.librariesJoined)) {
-          newLibrariesJoined.push(userClaims.librariesJoined);
-          newLibrariesJoined.push(data.libraryID);
-        } else {
-          newLibrariesJoined.push(data.libraryID);
-        }
+        if (userClaims && Array.isArray(userClaims?.librariesJoined))
+          newLibrariesJoined.push(...userClaims.librariesJoined);
+        newLibrariesJoined.push(data.libraryID);
 
         getAuth()
           .setCustomUserClaims(data.uid, {
Original file line number	Diff line number	Diff line change
`@@ -37,7 +37,8 @@ service cloud.firestore {`
`37`	`37`	`}`
`38`	`38`
`39`	`39`	`match /libraries/{library}/checkouts/{checkout} {`
`40`		`- allow get, list: if library in request.auth.token.librariesJoined && (library in request.auth.token.permissions.CHECK_OUT \|\| library in request.auth.token.permissions.MANAGE_CHECKOUTS \|\| library in request.auth.token.librariesOwned);`
	`40`	`+ allow get: if library in request.auth.token.librariesJoined && request.auth.uid == resource.data.userID;`
	`41`	`+ allow list: if library in request.auth.token.librariesJoined && (library in request.auth.token.permissions.CHECK_OUT \|\| library in request.auth.token.permissions.MANAGE_CHECKOUTS \|\| library in request.auth.token.librariesOwned);`
`41`	`42`	`allow update: if library in request.auth.token.librariesJoined && (library in request.auth.token.permissions.MANAGE_CHECKOUTS \|\| library in request.auth.token.librariesOwned);`
`42`	`43`	`allow create, delete: if false;`
`43`	`44`	`}`
Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,7 @@ const checkinBook = functions`
`31`	`31`	`}`
`32`	`32`
`33`	`33`	`if (`
`34`		`- !context.auth.token.permissions.CHECK_IN.includes(data.libraryID) &&`
	`34`	`+ !context.auth.token.permissions?.CHECK_IN?.includes(data.libraryID) &&`
`35`	`35`	`!context.auth.token.librariesOwned.includes(data.libraryID)`
`36`	`36`	`) {`
`37`	`37`	`throw new functions.https.HttpsError(`
Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@ const checkoutBook = functions`
`33`	`33`	`}`
`34`	`34`
`35`	`35`	`if (`
`36`		`- !context.auth.token.permissions.CHECK_OUT.includes(data.libraryID) &&`
	`36`	`+ !context.auth.token?.permissions?.CHECK_OUT?.includes(data.libraryID) &&`
`37`	`37`	`!context.auth.token.librariesOwned.includes(data.libraryID)`
`38`	`38`	`) {`
`39`	`39`	`throw new functions.https.HttpsError(`