From c28354ed2db4795cf2978b8f10e707298ddcba8a Mon Sep 17 00:00:00 2001
From: Alex <$(pass /github/email)>
Date: Sat, 1 Mar 2025 14:40:00 +0100
Subject: [PATCH] added missing ! to hasprivilige lol
---
 frontend/src/hooks.server.js | 2 --
 frontend/src/routes/auth/admin/users/+layout.server.js | 9 +++++----
 go-backend/internal/controllers/user_controller.go | 4 ++--
 3 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/frontend/src/hooks.server.js b/frontend/src/hooks.server.js
index 7ce7b79..763044c 100644
--- a/frontend/src/hooks.server.js
+++ b/frontend/src/hooks.server.js
@@ -3,8 +3,6 @@ import { refreshCookie, userDatesFromRFC3339 } from '$lib/utils/helpers';
 /** @type {import('@sveltejs/kit').Handle} */
 export async function handle({ event, resolve }) {
- console.log('BaseApiUrl:', `${BASE_API_URI}`);
- console.log('System operates in ', import.meta.env.MODE);
 if (event.locals.user) {
 // if there is already a user in session load page as normal
 console.log('user is logged in');
diff --git a/frontend/src/routes/auth/admin/users/+layout.server.js b/frontend/src/routes/auth/admin/users/+layout.server.js
index 68ca066..b16803f 100644
--- a/frontend/src/routes/auth/admin/users/+layout.server.js
+++ b/frontend/src/routes/auth/admin/users/+layout.server.js
@@ -20,10 +20,6 @@ export async function load({ cookies, fetch, locals }) {
 }
 const data = await response.json();
- // Check if the server sent a new token
- const newToken = response.headers.get('Set-Cookie');
- refreshCookie(newToken, cookies);
-
 /** @type {App.Locals['users']}*/
 const users = data.users;
@@ -32,6 +28,11 @@ export async function load({ cookies, fetch, locals }) {
 });
 locals.users = users;
+
+ // Check if the server sent a new token
+ const newToken = response.headers.get('Set-Cookie');
+ refreshCookie(newToken, cookies);
+
 return {
 subscriptions: locals.subscriptions,
 licence_categories: locals.licence_categories,
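Review bot: In the second +layout.server.js hunk the relocated `refreshCookie(newToken, cookies)` runs unconditionally, although the comment above it says it checks whether a new token was sent; `response.headers.get('Set-Cookie')` is `null` when the backend sets no cookie, so unless refreshCookie (defined outside this diff) already handles that, guard the call: `if (newToken) refreshCookie(newToken, cookies);`. Placing the refresh after the `data.users` post-processing also means that an exception in that processing would leave a rotated session token unstored, which the earlier position right after `response.json()` avoided; if the move is intentional, a one-line comment stating why would help. Note that `get('Set-Cookie')` folds several cookies into one comma-joined string, so if the backend can ever send more than one, `response.headers.getSetCookie()` is the safer read. The body of `load` starts and ends outside both hunks.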
diff --git a/go-backend/internal/controllers/user_controller.go b/go-backend/internal/controllers/user_controller.go
index d7b2e54..5bbee7b 100644
--- a/go-backend/internal/controllers/user_controller.go
+++ b/go-backend/internal/controllers/user_controller.go
@@ -51,8 +51,8 @@ func (uc *UserController) GetAllUsers(c *gin.Context) {
 utils.RespondWithError(c, err, "Error extracting user from context in UpdateHandler", http.StatusBadRequest, errors.Responses.Fields.User, errors.Responses.Keys.NoAuthToken)
 return
 }
- if utils.HasPrivilige(requestUser, constants.Priviliges.View) {
- utils.RespondWithError(c, errors.ErrNotAuthorized, "Not allowed to update user", http.StatusForbidden, errors.Responses.Fields.User, errors.Responses.Keys.Unauthorized)
+ if !utils.HasPrivilige(requestUser, constants.Priviliges.View) {
+ utils.RespondWithError(c, errors.ErrNotAuthorized, fmt.Sprintf("Not allowed to handle all users. RoleID(%v)