(req, res, next)
| 19 | }; |
| 20 | |
| 21 | const checkAccess = async (req, res, next) => { |
| 22 | try { |
| 23 | const teamId = req.body?.teamId || req.query?.teamId || req.params?.teamId; |
| 24 | |
| 25 | if (!teamId) { |
| 26 | return res.status(400).json({ error: "teamId is required" }); |
| 27 | } |
| 28 | |
| 29 | const teamController = new TeamController(); |
| 30 | const teamRole = await teamController.getTeamRole(teamId, req.user.id); |
| 31 | |
| 32 | if (!teamRole?.role || !["teamOwner", "teamAdmin"].includes(teamRole.role)) { |
| 33 | return res.status(403).json({ error: "Access denied" }); |
| 34 | } |
| 35 | |
| 36 | return next(); |
| 37 | } catch (error) { |
| 38 | return res.status(500).json({ error: error.message || "Access check failed" }); |
| 39 | } |
| 40 | }; |
| 41 | |
| 42 | const isOpenAiApiKeySet = () => { |
| 43 | if (process.env.NODE_ENV === "production") { |
nothing calls this directly
no test coverage detected