33 lines
990 B
TypeScript
33 lines
990 B
TypeScript
import HttpCodes from "@Common/system/controller-pattern/HttpCodes";
|
|
import { NextFunction, Request, Response } from "express";
|
|
import Container from "typedi";
|
|
import UsersService from "@Services/super-admin/UsersService/UsersService";
|
|
|
|
export default async function userHandler(req: Request, response: Response, next: NextFunction) {
|
|
const officeId = req.body.user.office_Id;
|
|
const uid = req.path && req.path.split("/")[5];
|
|
const office = req.body.office_membership;
|
|
|
|
if (office && office.uid != officeId) {
|
|
response.status(HttpCodes.UNAUTHORIZED).send("Not authorized with this office");
|
|
return;
|
|
}
|
|
|
|
if (uid) {
|
|
const userService = Container.get(UsersService);
|
|
const user = await userService.getByUidWithOffice(uid!);
|
|
|
|
if (!user) {
|
|
response.status(HttpCodes.NOT_FOUND).send("User not found");
|
|
return;
|
|
}
|
|
|
|
if (user.office_membership.uid != officeId) {
|
|
response.status(HttpCodes.UNAUTHORIZED).send("Not authorized with this office");
|
|
return;
|
|
}
|
|
}
|
|
|
|
next();
|
|
}
|