archetecture security fix

This commit is contained in:
root
2026-06-11 03:22:12 -04:00
parent 6def9993da
commit 9483750161
3126 changed files with 177194 additions and 37211 deletions
+22
View File
@@ -0,0 +1,22 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.requireCompanyPolicy = requireCompanyPolicy;
const authHelpers_1 = require("./authHelpers");
const companyPolicy_1 = require("../security/policies/companyPolicy");
function requireCompanyPolicy(action) {
return (req, res, next) => {
const employee = req.employee;
if (!employee)
return (0, authHelpers_1.sendUnauthorized)(res, 'unauthenticated', 'Authentication required');
const allowedRoles = companyPolicy_1.CompanyPolicy[action];
if (!allowedRoles.includes(employee.role)) {
return (0, authHelpers_1.sendForbidden)(res, 'forbidden', 'You do not have permission to perform this action', {
action,
allowedRoles,
yourRole: employee.role,
});
}
next();
};
}
//# sourceMappingURL=requireCompanyPolicy.js.map