Fix: 403 error on owned items

ntcho · ntcho · commit ba062bb5f63d · 2021-10-16T14:45:19.000+09:00
_id is ObjectId object, not string.
diff --git a/backend/controllers/itemController.js b/backend/controllers/itemController.js
@@ -54,7 +54,7 @@ module.exports = {
 
             // Check session's read authority
             const user = await userService.findOne({ serviceNumber: res.locals.serviceNumber });
-            if(!item.accessGroups.read.some(i => i.equals(user.group)) && item.owner._id !== res.locals._id)
+            if(!item.accessGroups.read.some(i => i.equals(user.group)) && item.owner._id.toString() !== res.locals._id.toString())
                 throw new ForbiddenError(`Access denied: 열람 권한이 없습니다.`);
 
             res.status(200).send(item);
