Added authorization requirements for posting and deleting reports (#413)

* feat:added authorization requirements for posting and deleting reports

* fix: linting use

Author: timobraz

api/src/controllers/reports.ts

@@ -13,6 +13,8 @@ const router = express.Router();
  * Get all reports
  */
 router.get('/', async (req, res) => {
+  if (!req.session.passport) return res.status(401).send('Unathenticated');
+  if (!req.session.passport.admin) return res.status(403).send('Unauthorized');
   const reports = await getDocuments(COLLECTION_NAMES.REPORTS, {}); // get all reports in collection
 
   res.json(reports);
@@ -34,6 +36,8 @@ router.post('/', async (req, res) => {
  */
 router.delete('/', async (req, res) => {
   let status;
+  if (!req.session.passport) return res.status(401).send('Unathenticated');
+  if (!req.session.passport.admin) return res.status(403).send('Unauthorized');
   if (req.body.id) {
     console.log(`Deleting report ${req.body.id}`);
     status = await deleteDocument(COLLECTION_NAMES.REPORTS, {