DK404/CentralBackend
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add caching prevention headers to getUserPermissions method

Browse Source
This commit is contained in:
seaznCode 2026-01-18 21:09:18 +01:00
parent 2a69b83d84
commit 2d1557d5ec
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
controller/permissions/PermissionController.js
View File

@ -36,6 +36,11 @@ class PermissionController {
} }
static async getUserPermissions(req, res) { static async getUserPermissions(req, res) {
// Prevent caching of permission responses
res.set('Cache-Control', 'no-store, no-cache, must-revalidate, private');
res.set('Pragma', 'no-cache');
res.set('Vary', 'Authorization');
// Access control: only self or admin/super_admin can view // Access control: only self or admin/super_admin can view
const requestedUserId = Number(req.params.id); const requestedUserId = Number(req.params.id);
const requesterUserId = Number(req.user.userId ?? req.user.id ?? req.user.sub); const requesterUserId = Number(req.user.userId ?? req.user.id ?? req.user.sub);