summary refs log tree commit diff
path: root/src/api/routes/budgetRoutes.js
diff options
context:
space:
mode:
Diffstat (limited to 'src/api/routes/budgetRoutes.js')
-rw-r--r--src/api/routes/budgetRoutes.js17
1 files changed, 11 insertions, 6 deletions
diff --git a/src/api/routes/budgetRoutes.js b/src/api/routes/budgetRoutes.js

index d7ebde4..4ad4897 100644
--- a/src/api/routes/budgetRoutes.js
+++ b/src/api/routes/budgetRoutes.js
@@ -1,7 +1,7 @@
 import {
     requireMonitor,
     requireUser,
-    validateAuth
+    requireRole
 } from '#api/middlewares/index.js';
 import { UserType } from '#db/schemas/index.js';
 import {
@@ -10,25 +10,30 @@ import {
     RouteMethodList
 } from '#api/RouteDescription.js';
 import { getUserById } from '#db/dbAccess/index.js';
+import { SafeNSoundError } from '#util/error.js';
 
 /**
  * @type {RouteDescription}
  */
 export const getBudgetByUserRoute = {
     path: '/budget/:id',
-    methods: new RouteMethodList({
+    methods: {
         get: new RouteMethod({
             middlewares: [requireMonitor],
             async method(req, res) {
                 if (req.user.type !== UserType.ADMIN) {
                     if (!req.user.monitoredUsers.includes(req.params.id))
-                        throw new Error('meow');
+                        throw new SafeNSoundError({
+                            errCode: 'UNAUTHORIZED',
+                            message:
+                                "You do not have permission to access this user's budget."
+                        });
                 }
-                //if (!req.)
-                //                const user = await getUserById(req.);
+                const user = await getUserById(req.params.id);
+                res.send({ balance: user.balance });
             }
         })
-    })
+    }
 };
 
 /**
generated by cgit-magenta 1.5.1 (git 2.48.1) at 2025-06-29 20:02:01 +0000