refactor: middleware

2024-09-10 13:24:56 +07:00 · 2024-09-10 13:24:56 +07:00 · 0699835129
commit 0699835129
parent 06919a0205
1 changed files with 5 additions and 40 deletions
--- a/src/middlewares/employee.ts
+++ b/src/middlewares/employee.ts
@ -3,9 +3,11 @@ import { RequestWithUser } from "../interfaces/user";
 import prisma from "../db";
 import HttpStatus from "../interfaces/http-status";
 import HttpError from "../interfaces/http-error";
-import { isSystem } from "../utils/keycloak";
+import { branchRelationPermInclude, createPermCheck } from "../services/permission";

 export function permissionCheck(globalAllow: (user: RequestWithUser["user"]) => boolean) {
+  const checker = createPermCheck(globalAllow);
+
  return async (req: RequestWithUser, _res: express.Response, next: express.NextFunction) => {
    if ("employeeId" in req.params && typeof req.params.employeeId === "string") {
      const employeeId = req.params.employeeId;
@ -17,23 +19,7 @@ export function permissionCheck(globalAllow: (user: RequestWithUser["user"]) =>
              customer: {
                include: {
                  registeredBranch: {
-                    include: {
-                      user: {
-                        where: { userId: req.user.sub },
-                      },
-                      branch: {
-                        where: {
-                          user: {
-                            some: { userId: req.user.sub },
-                          },
-                        },
-                        include: {
-                          user: {
-                            where: { userId: req.user.sub },
-                          },
-                        },
-                      },
-                    },
+                    include: branchRelationPermInclude(req.user),
                  },
                },
              },
@ -46,28 +32,7 @@ export function permissionCheck(globalAllow: (user: RequestWithUser["user"]) =>
        throw new HttpError(HttpStatus.BAD_REQUEST, "Employee cannot be found.", "employeeBadReq");
      }

-      if (!isSystem(req.user)) {
-        const _branch = employee.customerBranch.customer.registeredBranch;
-        const affilationBranch = _branch && _branch.user.length !== 0;
-        const affilationHeadBranch = _branch && _branch.branch.every((v) => v.user.length !== 0);
-        if (!globalAllow(req.user)) {
-          if (!affilationBranch) {
-            throw new HttpError(
-              HttpStatus.FORBIDDEN,
-              "You do not have permission to perform this action.",
-              "noPermission",
-            );
-          }
-        } else {
-          if (!affilationBranch && !affilationHeadBranch) {
-            throw new HttpError(
-              HttpStatus.FORBIDDEN,
-              "You do not have permission to perform this action.",
-              "noPermission",
-            );
-          }
-        }
-      }
+      await checker(req.user, employee.customerBranch.customer.registeredBranch);
    }
    next();
  };