(actionType = "readOwn")
| 75 | }; |
| 76 | |
| 77 | const checkPermissions = (actionType = "readOwn") => { |
| 78 | return async (req, res, next) => { |
| 79 | const { team_id } = req.params; |
| 80 | |
| 81 | // Fetch the TeamRole for the user |
| 82 | const teamRole = await teamController.getTeamRole(team_id, req.user.id); |
| 83 | |
| 84 | if (!teamRole) { |
| 85 | return res.status(403).json({ message: "Access denied" }); |
| 86 | } |
| 87 | |
| 88 | const permission = accessControl.can(teamRole.role)[actionType]("connection"); |
| 89 | if (!permission.granted) { |
| 90 | return res.status(403).json({ message: "Access denied" }); |
| 91 | } |
| 92 | |
| 93 | const { role, projects } = teamRole; |
| 94 | |
| 95 | // Handle permissions for teamOwner and teamAdmin |
| 96 | if (["teamOwner", "teamAdmin"].includes(role)) { |
| 97 | req.user.isEditor = true; |
| 98 | return next(); |
| 99 | } |
| 100 | |
| 101 | if (role === "projectAdmin" || role === "projectViewer" || role === "projectEditor") { |
| 102 | // save the projects in the user object |
| 103 | req.user.projects = projects; |
| 104 | req.user.permittedFields = permission.attributes; |
| 105 | |
| 106 | return next(); |
| 107 | } |
| 108 | |
| 109 | return res.status(403).json({ message: "Access denied" }); |
| 110 | }; |
| 111 | }; |
| 112 | |
| 113 | const ensureConnectionBelongsToTeam = async (req, res, next) => { |
| 114 | try { |
no test coverage detected