From 4e1c7abf8018b47b2ff269b0d9dff86477d29db6 Mon Sep 17 00:00:00 2001
From: regularmute <93884347+Regularmute@users.noreply.github.com>
Date: Tue, 30 Apr 2024 16:28:18 +0300
Subject: [PATCH] fix: all timelogs being visible to all students

Something seems to be wrong with the instructor checking, so this commit prevents anyone but admin from fetching all time logs.
---
 backend/controllers/timeLogs.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/controllers/timeLogs.js b/backend/controllers/timeLogs.js
index 7d72abdd..0efe78f8 100644
--- a/backend/controllers/timeLogs.js
+++ b/backend/controllers/timeLogs.js
@@ -171,7 +171,7 @@ const fetchAllFromDb = async () => {
 
 timeLogsRouter.get('/', checkLogin, async (req, res) => {
 try {
- if (req.user.admin || req.user.instructor) {
+ if (req.user.admin) {
 const timeLogs = await fetchAllFromDb()
 return res.status(200).json(timeLogs)
 }
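Review bot: The guard `if (req.user.admin)` closes the leak on this route only. The commit message says the instructor check itself is unreliable, so any other handler that still trusts `req.user.instructor` may expose data the same way and should be audited until the root cause is found. I would leave a marker at the condition, e.g. `// TODO: instructor access disabled until req.user.instructor is fixed; do not re-add without a test`, so the `|| req.user.instructor` clause is not restored by accident. A regression test asserting that a logged-in non-admin does not receive the full log list from `GET /` on this router would pin the fix. The handler continues past the hunk, so the non-admin branch is not visible here.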