From 2d1557d5ec2353d26fef967dde7ba05adc575ab6 Mon Sep 17 00:00:00 2001
From: seaznCode
Date: Sun, 18 Jan 2026 21:09:18 +0100
Subject: [PATCH] feat: add caching prevention headers to getUserPermissions method
---
 controller/permissions/PermissionController.js | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/controller/permissions/PermissionController.js b/controller/permissions/PermissionController.js
index 51a0424..02d50c7 100644
--- a/controller/permissions/PermissionController.js
+++ b/controller/permissions/PermissionController.js
@@ -36,6 +36,11 @@ class PermissionController {
 }
 static async getUserPermissions(req, res) {
+ // Prevent caching of permission responses
+ res.set('Cache-Control', 'no-store, no-cache, must-revalidate, private');
+ res.set('Pragma', 'no-cache');
+ res.set('Vary', 'Authorization');
+ // Access control: only self or admin/super_admin can view
 const requestedUserId = Number(req.params.id);
 const requesterUserId = Number(req.user.userId ?? req.user.id ?? req.user.sub);
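Review bot: `res.set('Vary', 'Authorization')` replaces any `Vary` value already on the response, so if earlier middleware (CORS, compression; not visible in this hunk) has set `Vary: Origin` or `Vary: Accept-Encoding`, that value is lost for this route; Express's `res.vary('Authorization');` appends instead. `Vary: Authorization` also only separates cache entries when the credential travels in that header, so if `req.user` can be populated from a session cookie the effective control is `no-store`/`private` alone, which is worth recording in the comment, e.g. `// no-store is the control here; Vary is defence in depth for caches that ignore it`. Setting the headers before the access check is the right order, since it keeps the denial responses uncacheable as well. The body of getUserPermissions continues past the end of the hunk.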