From fb044a4535a072b0b80ea42fef6dcbb7113e81fa Mon Sep 17 00:00:00 2001
From: Mayank Mishra <mayank.mishra@wdimails.com>
Date: Thu, 13 Nov 2025 19:45:28 +0530
Subject: [PATCH] added new condition for security

---
 src/modules/minglaradmin/handlers/registration.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/modules/minglaradmin/handlers/registration.ts b/src/modules/minglaradmin/handlers/registration.ts
index 85841b7..a4ae84c 100644
--- a/src/modules/minglaradmin/handlers/registration.ts
+++ b/src/modules/minglaradmin/handlers/registration.ts
@@ -5,6 +5,7 @@ import { PrismaService } from '../../../common/database/prisma.service';
 import ApiError from '../../../common/utils/helper/ApiError';
 import * as bcrypt from 'bcryptjs';
 import { generateOtpHelper } from '../../../common/utils/helper/sendOtp';
+import { ROLE } from '@/common/utils/constants/common.constant';
 
 const prismaService = new PrismaService();
 const minglarService = new MinglarService(prismaService);
@@ -33,7 +34,7 @@ export const handler = safeHandler(async (
     select: { emailAddress: true, id: true, userPassword: true, roleXid: true },
   });
 
-  if(!user){
+  if(!user || ![ROLE.MINGLAR_ADMIN, ROLE.CO_ADMIN, ROLE.ACCOUNT_MANAGER].includes(user.roleXid)){
     throw new ApiError(404, 'You are not allowed to register directly. Please contact minglar admin.');
   }