From 6ceb96ea4c86292faa3066c98c1a15a54ca61246 Mon Sep 17 00:00:00 2001
From: OxSaitama
Date: Tue, 24 Oct 2023 10:24:03 +0200
Subject: [PATCH] add notification middlewares
---
 src/app/api/customer/DocumentsController.ts | 2 ++
 src/app/api/notary/UserNotificationController.ts | 7 ++++---
 src/app/middlewares/RolesHandler.ts | 5 +++++
 3 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/src/app/api/customer/DocumentsController.ts b/src/app/api/customer/DocumentsController.ts
index 7e33f229..5d6142fb 100644
--- a/src/app/api/customer/DocumentsController.ts
+++ b/src/app/api/customer/DocumentsController.ts
@@ -70,6 +70,7 @@ export default class DocumentsController extends ApiController {
 if (req.query["q"]) {
 query = JSON.parse(req.query["q"] as string);
 if (query.folder) delete query.folder;
+ }
 const documentEntity = await this.documentsService.getByUid(uid, query);
@@ -85,6 +86,7 @@ export default class DocumentsController extends ApiController {
 //success
 this.httpSuccess(response, document);
 } catch (error) {
+ console.log(error);
 this.httpInternalError(response);
 return;
 }
diff --git a/src/app/api/notary/UserNotificationController.ts b/src/app/api/notary/UserNotificationController.ts
index 1654df3b..970a150b 100644
--- a/src/app/api/notary/UserNotificationController.ts
+++ b/src/app/api/notary/UserNotificationController.ts
@@ -6,6 +6,7 @@ import UserNotification from "le-coffre-resources/dist/Notary/UserNotification";
 import UserNotificationService from "@Services/common/UserNotificationService/UserNotificationService";
 import authHandler from "@App/middlewares/AuthHandler";
 import { Prisma } from "@prisma/client";
+import roleHandler from "@App/middlewares/RolesHandler";
 @Controller()
 @Service()
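Review bot: The added `console.log(error);` in the catch block of DocumentsController.ts (hunk at -85) dumps the raw error object to stdout at info level, so whatever the failing call attached to it (possibly query arguments or document fields, the service is not visible here) ends up in logs with no request context. An error-level call with a trimmed payload would be safer and easier to search, e.g. `console.error("DocumentsController:", error instanceof Error ? error.message : error);`, or the project's logger if it has one. If the `JSON.parse(req.query["q"] as string)` shown in the previous hunk sits in this same try, a malformed `q` also surfaces here as a 500 where a 400 would be more accurate. The try block starts outside the hunk.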
@@ -17,7 +18,7 @@ export default class UserNotificationController extends ApiController {
 /**
 * @description Get all customers
 */
- @Get("/api/v1/notary/notifications", [authHandler])
+ @Get("/api/v1/notary/notifications", [authHandler, roleHandler])
 protected async get(req: Request, response: Response) {
 try {
 //get query
@@ -51,7 +52,7 @@ export default class UserNotificationController extends ApiController {
 /**
 * @description Modify a specific customer by uid
 */
- @Put("/api/v1/notary/notifications/:uid", [authHandler])
+ @Put("/api/v1/notary/notifications/:uid", [authHandler, roleHandler])
 protected async put(req: Request, response: Response) {
 try {
 const uid = req.params["uid"];
@@ -94,7 +95,7 @@ export default class UserNotificationController extends ApiController {
 /**
 * @description Get a specific customer by uid
 */
- @Get("/api/v1/notary/notifications/:uid", [authHandler])
+ @Get("/api/v1/notary/notifications/:uid", [authHandler, roleHandler])
 protected async getOneByUid(req: Request, response: Response) {
 try {
 const uid = req.params["uid"];
diff --git a/src/app/middlewares/RolesHandler.ts b/src/app/middlewares/RolesHandler.ts
index 3a4a9c77..0a423db8 100644
--- a/src/app/middlewares/RolesHandler.ts
+++ b/src/app/middlewares/RolesHandler.ts
@@ -7,6 +7,11 @@ export default async function roleHandler(req: Request, response: Response, next
 const namespace = req.path && req.path.split("/")[3];
 const role = req.body.user.role;
+ if(!role) {
+ response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized without role");
+ return;
+ }
+ if (namespace != "notary" && role != namespace && role != "super-admin") {
 response.status(HttpCodes.UNAUTHORIZED).send("Unauthorized with this role");
 return;
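Review bot: Adding `roleHandler` to this `@Get` route (and to the `@Put` and `@Get` `/:uid` routes in the next two hunks) may not restrict anything by role. Assuming `req.path` is the full route, `req.path.split("/")[3]` is `"notary"` for these paths, and the condition visible in the RolesHandler.ts hunk of this patch, `namespace != "notary" && role != namespace && role != "super-admin"`, is then false whatever the role is. From the visible lines the only new effect on these endpoints is the `!role` rejection; the rest of `roleHandler` lies outside the hunk, so confirm whether a later check covers the notary namespace. If only office roles are meant to reach notary routes, give that namespace an explicit allow-list and add a test that a non-notary role is rejected on `/api/v1/notary/notifications`. The JSDoc above the three decorators also still describes customers ("Get all customers") rather than notifications.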
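Review bot: The new `if(!role)` guard in RolesHandler.ts runs after `const role = req.body.user.role;`, so a request with no `req.body.user` throws on that line and never reaches the guard. `const role = req.body?.user?.role;` would let the guard answer that case. The role is read from the request body, so the check is only as strong as whatever populates `req.body.user`, presumably `authHandler` from a verified token, which is not visible here. Once confirmed, a comment such as `// req.body.user is set by authHandler from the verified token, never taken from client input` would record that assumption. An authenticated caller without a role is an authorization failure, for which 403 is the conventional status rather than `HttpCodes.UNAUTHORIZED`. roleHandler's body continues past the end of the hunk.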