Open Anclagen opened 1 year ago
A solution for this issue seems to be related to the controller, specifically findCompanyById.js. When a user queries the database, a generic response is returned, where some company data is excluded by default.
As the image above illustrates, verifiedAdmin is set to false by default, but a logic check is never run in order to change this value depending on the user's role. A solution to this issue is therefore to inject an if-block and check if the user is of role 'admin' or not, and change the value of verifiedAdmin according to this check.
It looks like this solution was already thought about when the code was written, but it was never fully implemented.
A regular user should be able to see a company and its public details, but an admin to that company should have access to view more information regarding its listings, applications and offers.
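The check described in this comment, as an added sketch that is not the project's own code: `verifiedAdmin` stays false unless the server confirms the caller is an admin of the requested company, and the response is built from field allowlists. Only `verifiedAdmin`, the 'admin' role, and listings/applications/offers come from the issue; `user.companyId`, the public field names and the helper names are assumptions.

```javascript
// Hypothetical field allowlists; only listings/applications/offers are named in the issue.
const PUBLIC_FIELDS = ["id", "name", "description"];
const ADMIN_FIELDS = ["listings", "applications", "offers"];

// Decide on the server, from the authenticated user, never from request input.
// Assumption: an admin account carries the id of the company it administers.
function isVerifiedAdmin(user, company) {
  if (!user || user.role !== "admin") return false;
  return user.companyId === company.id;
}

// Copy only allowlisted keys so newly added columns are not exposed by accident.
function pick(obj, keys) {
  const out = {};
  for (const key of keys) {
    if (Object.prototype.hasOwnProperty.call(obj, key)) out[key] = obj[key];
  }
  return out;
}

function buildCompanyResponse(user, company) {
  let verifiedAdmin = false; // default described in the issue
  if (isVerifiedAdmin(user, company)) {
    verifiedAdmin = true; // the if-block the issue says was never implemented
  }
  const fields = verifiedAdmin ? PUBLIC_FIELDS.concat(ADMIN_FIELDS) : PUBLIC_FIELDS;
  return { ...pick(company, fields), verifiedAdmin };
}

// Constructed sample record, standing in for a database row.
const sampleCompany = {
  id: 7,
  name: "Example Co",
  description: "Constructed sample",
  listings: [{ id: 1 }],
  applications: [{ id: 2 }],
  offers: [{ id: 3 }],
  internalNote: "never returned to any caller",
};

const asVisitor = buildCompanyResponse({ role: "user", companyId: 7 }, sampleCompany);
const asOtherAdmin = buildCompanyResponse({ role: "admin", companyId: 9 }, sampleCompany);
const asCompanyAdmin = buildCompanyResponse({ role: "admin", companyId: 7 }, sampleCompany);
console.log(asVisitor.verifiedAdmin, asOtherAdmin.verifiedAdmin, asCompanyAdmin.verifiedAdmin);
```

An admin of a different company is treated as a regular user here, which matches the "admin to that company" wording above.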