From 32127ae804eee1b1423a4ede8ea279b9588c47b0 Mon Sep 17 00:00:00 2001
From: Methapon2001 <61303214+Methapon2001@users.noreply.github.com>
Date: Wed, 10 Apr 2024 12:49:41 +0700
Subject: [PATCH] refactor: change condition order

---
 src/middlewares/auth-provider/keycloak.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/middlewares/auth-provider/keycloak.ts b/src/middlewares/auth-provider/keycloak.ts
index 05d856f..5201c36 100644
--- a/src/middlewares/auth-provider/keycloak.ts
+++ b/src/middlewares/auth-provider/keycloak.ts
@@ -45,7 +45,7 @@ export async function keycloakAuth(request: Express.Request, roles?: string[]) {
       }
   }
 
-  if (Array.isArray(roles) && roles.length > 0 && Array.isArray(payload.roles)) {
+  if (Array.isArray(payload.roles) && Array.isArray(roles) && roles.length > 0) {
     if (!roles.some((a: string) => payload.roles.includes(a))) {
       throw new HttpError(HttpStatus.FORBIDDEN, "คุณไม่มีสิทธิในการเข้าถึงข้อมูลดังกล่าว");
     }