(actionType = "readOwn")
| 26 | const teamController = new TeamController(); |
| 27 | |
| 28 | const checkPermissions = (actionType = "readOwn") => { |
| 29 | return async (req, res, next) => { |
| 30 | const projectId = req.params.id; |
| 31 | const teamId = req.params.team_id || req.body?.team_id; |
| 32 | |
| 33 | let teamRole; |
| 34 | let project; |
| 35 | |
| 36 | if (projectId) { |
| 37 | project = await projectController.findById(projectId); |
| 38 | if (!project) return res.status(404).json({ message: "Project not found" }); |
| 39 | } |
| 40 | |
| 41 | if (teamId) { |
| 42 | teamRole = await teamController.getTeamRole(teamId, req.user.id); |
| 43 | } else { |
| 44 | teamRole = await teamController.getTeamRole(project.team_id, req.user.id); |
| 45 | } |
| 46 | |
| 47 | if (!teamRole?.role) { |
| 48 | return res.status(403).json({ message: "Access denied" }); |
| 49 | } |
| 50 | |
| 51 | if (["teamOwner", "teamAdmin"].includes(teamRole.role)) { |
| 52 | const permission = accessControl.can(teamRole.role)[actionType]("project"); |
| 53 | if (!permission.granted) { |
| 54 | return res.status(403).json({ message: "Access denied" }); |
| 55 | } |
| 56 | |
| 57 | return next(); |
| 58 | } |
| 59 | |
| 60 | if (teamRole?.projects?.length > 0) { |
| 61 | if (projectId) { |
| 62 | const filteredProjects = teamRole.projects.filter((o) => `${o}` === `${projectId}`); |
| 63 | if (filteredProjects.length === 0) { |
| 64 | return res.status(403).json({ message: "Access denied" }); |
| 65 | } |
| 66 | } |
| 67 | |
| 68 | const permission = accessControl.can(teamRole.role)[actionType]("project"); |
| 69 | if (!permission.granted) { |
| 70 | return res.status(403).json({ message: "Access denied" }); |
| 71 | } |
| 72 | |
| 73 | req.user.projects = teamRole.projects; |
| 74 | |
| 75 | return next(); |
| 76 | } |
| 77 | |
| 78 | return res.status(403).json({ message: "Access denied" }); |
| 79 | }; |
| 80 | }; |
| 81 | |
| 82 | /* |
| 83 | ** [MASTER] Route to get all the projects |
no test coverage detected