import HttpCodes from "@Common/system/controller-pattern/HttpCodes";
import FilesService from "@Services/common/FilesService/FilesService";
import DocumentsService from "@Services/customer/DocumentsService/DocumentsService";
import File from "le-coffre-resources/dist/SuperAdmin/File";
import { NextFunction, Request, Response } from "express";
import Container from "typedi";
import { EDocumentStatus } from "@prisma/client";
import CustomersService from "@Services/super-admin/CustomersService/CustomersService";
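/**
 * Decides whether the authenticated customer may act on a document deposited by `depositorUid`.
 *
 * Access is granted when the depositor is the caller's own customer record, or when the depositor is
 * one of the customer records returned by the lookup on the caller's contact e-mail.
 * Every other outcome, including missing identity data or an empty lookup result, is a denial.
 *
 * @param depositorUid - `depositor_uid` of the document being accessed.
 * @param customerId - `customerId` taken from `req.body.user`.
 * @param customerEmail - `email` taken from `req.body.user`.
 * @returns `true` only when ownership is positively established.
 */
async function isDepositorAllowed(depositorUid: string | null | undefined, customerId: unknown, customerEmail: unknown): Promise<boolean> {
	// A document without a depositor must never match a caller without a customerId:
	// the previous loose `!=` treated null and undefined as equal and skipped the check entirely.
	if (typeof depositorUid !== "string" || depositorUid === "") return false;
	if (depositorUid === customerId) return true;

	// Without an e-mail there is nothing to scope the lookup by, so deny instead of querying.
	// NOTE(review): if CustomersService.get forwards the filter to Prisma, an undefined value is
	// dropped from the where clause and the query would no longer be restricted — confirm.
	if (typeof customerEmail !== "string" || customerEmail === "") return false;

	const customers = await Container.get(CustomersService).get({ where: { contact: { email: customerEmail } } });
	// Fail closed: a missing result is a denial, not a pass-through.
	return !!customers && customers.some((customer) => customer.uid === depositorUid);
}

/**
 * Express middleware guarding customer file routes.
 *
 * Checks performed before handing over to the next handler:
 *  - an uploaded file must be declared as PDF, PNG or JPEG;
 *  - when the path carries a file uid, the file must exist and belong to the caller, and a PUT is
 *    refused once the document is validated;
 *  - when the body carries a serialized file in `q`, the referenced document must exist, belong to
 *    the caller and not be validated.
 *
 * Responds with 400, 401 or 404 and stops the chain when a check fails; unexpected errors are
 * forwarded to the Express error handler through `next(error)`.
 *
 * NOTE(review): identity is read from `req.body.user`. This is only trustworthy if an upstream
 * authentication middleware always overwrites that key — confirm, since the body is otherwise
 * client-controlled.
 *
 * @param req - Incoming request; reads `body.user`, `body.q`, `path`, `method` and `file`.
 * @param response - Response used to send the rejection.
 * @param next - Continuation invoked when every applicable check passes.
 */
export default async function fileHandler(req: Request, response: Response, next: NextFunction) {
	try {
		const customerId = req.body.user.customerId;
		const customerEmail = req.body.user.email;
		// NOTE(review): the uid is taken from a fixed path position (6th segment) — confirm against the route definitions.
		const uid = req.path && req.path.split("/")[5];
		const rawFile: string | undefined = req.body["q"];

		// NOTE(review): this compares the mimetype reported for the upload; if that value comes from
		// the client-declared Content-Type it does not prove the content — confirm content is verified downstream.
		const allowedMimeTypes = ["application/pdf", "image/png", "image/jpeg"];
		if (req.file && !allowedMimeTypes.includes(req.file.mimetype)) {
			response.status(HttpCodes.BAD_REQUEST).send("File type not supported");
			return;
		}

		if (uid) {
			const storedFile = await Container.get(FilesService).getByUidWithDocument(uid);
			if (!storedFile) {
				response.status(HttpCodes.NOT_FOUND).send("File not found");
				return;
			}

			if (!(await isDepositorAllowed(storedFile.document.depositor_uid, customerId, customerEmail))) {
				response.status(HttpCodes.UNAUTHORIZED).send("Not authorized with this depositor");
				return;
			}

			// Only updates are blocked on a validated document in this branch; reads stay allowed.
			if (req.method === "PUT" && storedFile.document.document_status === EDocumentStatus.VALIDATED) {
				response.status(HttpCodes.BAD_REQUEST).send("Cannot update a validated document");
				return;
			}
		}

		if (rawFile) {
			// `q` is client input: malformed JSON must end in a 400, not in an unhandled rejection.
			let fileEntity: File;
			try {
				fileEntity = File.hydrate<File>(JSON.parse(rawFile));
			} catch {
				response.status(HttpCodes.BAD_REQUEST).send("Invalid file data");
				return;
			}

			// Refuse a payload without a document uid instead of querying with an undefined key.
			const documentUid = fileEntity.document?.uid;
			if (!documentUid) {
				response.status(HttpCodes.BAD_REQUEST).send("Invalid file data");
				return;
			}

			const documentFound = await Container.get(DocumentsService).getByUid(documentUid, { folder: { include: { folder_anchor: true } } });
			if (!documentFound) {
				response.status(HttpCodes.NOT_FOUND).send("Document not found");
				return;
			}

			if (!(await isDepositorAllowed(documentFound.depositor_uid, customerId, customerEmail))) {
				response.status(HttpCodes.UNAUTHORIZED).send("Not authorized with this depositor");
				return;
			}

			if (documentFound.document_status === EDocumentStatus.VALIDATED) {
				response.status(HttpCodes.BAD_REQUEST).send("Cannot update a validated document");
				return;
			}
		}
	} catch (error) {
		// A rejected service call or a missing `req.body.user` must reach the error handler
		// rather than leave the request without a response.
		next(error);
		return;
	}

	next();
}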