| 9 | const teamController = new TeamController(); |
| 10 | |
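/**
 * Builds an Express-style middleware that lets a request through only when
 * the calling user holds one of ALLOWED_AUDIT_ROLES in the team named by the
 * `:team_id` route parameter.
 *
 * Outcomes:
 *  - no team role found, or role not in ALLOWED_AUDIT_ROLES -> 403 "Access denied"
 *  - the role lookup throws or rejects -> next(error), so the request is
 *    rejected through the error handler instead of being left pending
 *  - otherwise -> next()
 *
 * NOTE(review): reads req.user.id, so this presumably has to be mounted after
 * the authentication middleware (verifyToken in the route below) — confirm.
 *
 * @returns {Function} async (req, res, next) middleware
 */
const checkPermissions = () => {
  return async (req, res, next) => {
    let teamRole;
    try {
      const { team_id } = req.params;
      teamRole = await teamController.getTeamRole(team_id, req.user.id);
    } catch (error) {
      // Fail closed: an authorization check that could not complete must not
      // fall through to the protected handler. Forwarding explicitly matters
      // because async rejections are not forwarded automatically by every
      // Express major version.
      return next(error);
    }

    const isAllowed =
      Boolean(teamRole) && ALLOWED_AUDIT_ROLES.includes(teamRole.role);
    if (!isAllowed) {
      // Same response for "not a member" and "wrong role", so the reply does
      // not reveal which of the two applied.
      return res.status(403).json({ message: "Access denied" });
    }

    return next();
  };
};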
| 27 | |
| 28 | app.get("/team/:team_id/update-runs", verifyToken, checkPermissions(), (req, res) => { |
| 29 | return updateRunController.findByTeam(req.params.team_id, req.query) |
no test coverage detected