add document types control on office ownership

This commit is contained in:
OxSaitama 2023-07-03 18:22:50 +02:00
parent c2856de59a
commit 4e632e27ed
4 changed files with 49 additions and 26 deletions

View File

@ -3,33 +3,40 @@ import DeedsService from "@Services/super-admin/DeedsService/DeedsService";
import { DocumentType } from "le-coffre-resources/dist/SuperAdmin";
import { NextFunction, Request, Response } from "express";
import Container from "typedi";
import DocumentTypesService from "@Services/super-admin/DocumentTypesService/DocumentTypesService";
export default async function deedHandler(req: Request, response: Response, next: NextFunction) {
const officeId = req.body.user.office_Id;
const uid = req.path && req.path.split("/")[5];
const documentTypes: DocumentType[] = req.body.document_types;
const documentTypes: DocumentType[] = req.body.document_types;
const deedService = Container.get(DeedsService);
const deed = await deedService.getOneByUidWithOffice(uid!);
const deedService = Container.get(DeedsService);
const deed = await deedService.getOneByUidWithOffice(uid!);
if (!deed) {
response.sendStatus(HttpCodes.NOT_FOUND);
return;
}
if (!deed) {
response.sendStatus(HttpCodes.NOT_FOUND);
return;
}
if (deed.deed_type.office.uid != officeId) {
response.sendStatus(HttpCodes.UNAUTHORIZED);
return;
}
if (deed.deed_type.office.uid != officeId) {
response.sendStatus(HttpCodes.UNAUTHORIZED);
return;
}
if(documentTypes) {
documentTypes.forEach((documentType) => {
if (documentType.office?.uid != officeId) {
response.sendStatus(HttpCodes.UNAUTHORIZED);
return;
}
});
}
if (documentTypes) {
const documentTypeService = Container.get(DocumentTypesService);
documentTypes.forEach(async (documentType) => {
const deedTypeWithOffice = await documentTypeService.getByUidWithOffice(documentType.uid!);
if (!deedTypeWithOffice) {
response.sendStatus(HttpCodes.NOT_FOUND);
return;
}
if (deedTypeWithOffice.office?.uid != officeId) {
response.sendStatus(HttpCodes.UNAUTHORIZED);
return;
}
});
}
next();
}

View File

@ -3,6 +3,7 @@ import DeedTypesService from "@Services/super-admin/DeedTypesService/DeedTypesSe
import { DocumentType } from "le-coffre-resources/dist/SuperAdmin";
import { NextFunction, Request, Response } from "express";
import Container from "typedi";
import DocumentTypesService from "@Services/super-admin/DocumentTypesService/DocumentTypesService";
export default async function deedTypeHandler(req: Request, response: Response, next: NextFunction) {
const officeId = req.body.user.office_Id;
@ -31,8 +32,14 @@ export default async function deedTypeHandler(req: Request, response: Response,
}
if (documentTypes) {
documentTypes.forEach((documentType) => {
if (documentType.office?.uid != officeId) {
const documentTypeService = Container.get(DocumentTypesService);
documentTypes.forEach(async(documentType) => {
const documentTypeWithOffice = await documentTypeService.getByUidWithOffice(documentType.uid!);
if(!documentTypeWithOffice) {
response.sendStatus(HttpCodes.NOT_FOUND);
return;
}
if (documentTypeWithOffice.office?.uid != officeId) {
response.sendStatus(HttpCodes.UNAUTHORIZED);
return;
}

View File

@ -4,6 +4,7 @@ import { NextFunction, Request, Response } from "express";
import Container from "typedi";
import { OfficeFolder } from "le-coffre-resources/dist/SuperAdmin";
import DocumentsService from "@Services/super-admin/DocumentsService/DocumentsService";
import DocumentTypesService from "@Services/super-admin/DocumentTypesService/DocumentTypesService";
export default async function documentHandler(req: Request, response: Response, next: NextFunction) {
const officeId = req.body.user.office_Id;
@ -16,9 +17,17 @@ export default async function documentHandler(req: Request, response: Response,
return;
}
if (documentType && documentType.office?.uid != officeId) {
response.sendStatus(HttpCodes.UNAUTHORIZED);
return;
if (documentType) {
const documentTypeService = Container.get(DocumentTypesService);
const documentTypeWithOffice = await documentTypeService.getByUidWithOffice(documentType.uid!);
if(!documentTypeWithOffice) {
response.sendStatus(HttpCodes.NOT_FOUND);
return;
}
if (documentTypeWithOffice.office?.uid != officeId) {
response.sendStatus(HttpCodes.UNAUTHORIZED);
return;
}
}
if (uid) {

View File

@ -14,7 +14,7 @@ export default async function fileHandler(req: Request, response: Response, next
return;
}
if(!uid) uid = req.path && req.path.split("/")[6];
if(uid === "download") uid = req.path && req.path.split("/")[6];
if (uid) {
const fileService = Container.get(FilesService);