From 529509dacdd6eb279597dc2f21c010bc2c42e9f7 Mon Sep 17 00:00:00 2001
From: Quincy Blake
Date: Fri, 25 Aug 2023 00:37:04 -0400
Subject: [PATCH] auth for addMember
---
 api/api.py | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/api/api.py b/api/api.py
index d0ca3fe2..f3bf106e 100644
--- a/api/api.py
+++ b/api/api.py
@@ -66,8 +66,16 @@ def apiGetMemberDetailsByID(id):
 @app.route("/addMember", methods=["POST"])
 def apiAddMember():
- try:
- queries.createNewMember(request.get_json())
- return "OK", 200
+ token = request.headers["token"]
+ try:
+ permission = authenticate.getRolePermission(token, 'put')
 except:
- return "Error", 500
\ No newline at end of file
+ return "Forbidden", 403
+ if permission == True:
+ try:
+ queries.createNewMember(request.get_json())
+ return "OK", 200
+ except:
+ return "Error", 500
+ else:
+ return "Forbidden", 403
\ No newline at end of file
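Review bot: The bare `except:` around `authenticate.getRolePermission(token, 'put')` turns every failure into a silent 403, so a rejected token and a broken auth backend look identical and neither leaves a record for anyone monitoring denied writes. Failing closed is the right default, but narrow it to `except Exception:` and log the denial (without the token value) before returning. `token = request.headers["token"]` sits outside that `try`, so a request with no `token` header never reaches the 403 path; in Flask a missing header key is likely answered as a 400 instead. Using `token = request.headers.get("token")` with an explicit rejection when it is `None` keeps the unauthenticated response consistent. `if permission == True:` reads better as `if permission is True:`, which still denies on any non-boolean return value.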