From ccfa28877ce953002dc15728a34b9c5c60e8ad39 Mon Sep 17 00:00:00 2001
From: Patrick Mueller <patrick@mueller-patrick.tech>
Date: Sun, 25 Dec 2022 18:24:18 +0100
Subject: [PATCH] Adjust privileges mgmt

---
 .../calendar/events/credentials.service.ts       | 16 ++++++++++++++--
 src/models/calendar/events/events.router.ts      |  2 +-
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/src/models/calendar/events/credentials.service.ts b/src/models/calendar/events/credentials.service.ts
index ee302bc..153bd7b 100644
--- a/src/models/calendar/events/credentials.service.ts
+++ b/src/models/calendar/events/credentials.service.ts
@@ -3,16 +3,28 @@ import * as dotenv from 'dotenv';
 
 dotenv.config();
 
+/**
+ * Checks if the password gives admin privileges (view / create / edit / delete)
+ * @param password
+ */
 export const checkAdminPrivileges = (password: string) => {
 	return password == process.env.ADMIN_CREDENTIAL;
 }
 
+/**
+ * Checks if the password gives member view privileges
+ * @param password
+ */
 export const checkMemberPrivileges = (password: string) => {
-	return password == process.env.MEMBER_CREDENTIAL;
+	return password == process.env.MEMBER_CREDENTIAL || password == process.env.ADMIN_CREDENTIAL;
 }
 
+/**
+ * Checks if the password gives management view privileges
+ * @param password
+ */
 export const checkManagementPrivileges = (password: string) => {
-	return password == process.env.MANAGEMENT_CREDENTIAL;
+	return password == process.env.MANAGEMENT_CREDENTIAL || password == process.env.ADMIN_CREDENTIAL;
 }
 
 export const hasAccess = (calendarName: string, password: string) => {
diff --git a/src/models/calendar/events/events.router.ts b/src/models/calendar/events/events.router.ts
index aef0ddf..85dac14 100644
--- a/src/models/calendar/events/events.router.ts
+++ b/src/models/calendar/events/events.router.ts
@@ -244,7 +244,7 @@ eventsRouter.delete('/:eventId', async (req: Request, res: Response) => {
 		let success = await EventService.deleteEvent(event);
 
 		if (success) {
-			res.status(200).send({'message': 'Event was successfully updated'});
+			res.status(200).send({'message': 'Event was successfully deleted'});
 		} else {
 			res.status(500).send({'message': 'An error occurred during deletion. Please try again.'});
 		}