30 lines
1.0 KiB
JavaScript
30 lines
1.0 KiB
JavaScript
"use strict";
|
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
exports.requireRole = requireRole;
|
|
const authHelpers_1 = require("./authHelpers");
|
|
const ROLE_RANK = {
|
|
OWNER: 3,
|
|
MANAGER: 2,
|
|
AGENT: 1,
|
|
};
|
|
/**
|
|
* Requires the authenticated employee to have at least `minimumRole`.
|
|
* Must be applied after `requireCompanyAuth`.
|
|
*/
|
|
function requireRole(minimumRole) {
|
|
return (req, res, next) => {
|
|
const employee = req.employee;
|
|
if (!employee)
|
|
return (0, authHelpers_1.sendUnauthorized)(res, 'unauthenticated', 'Authentication required');
|
|
const employeeRank = ROLE_RANK[employee.role] ?? 0;
|
|
const requiredRank = ROLE_RANK[minimumRole] ?? 99;
|
|
if (employeeRank < requiredRank) {
|
|
return (0, authHelpers_1.sendForbidden)(res, 'forbidden', `This action requires the ${minimumRole} role or higher`, {
|
|
requiredRole: minimumRole,
|
|
yourRole: employee.role,
|
|
});
|
|
}
|
|
next();
|
|
};
|
|
}
|
|
//# sourceMappingURL=requireRole.js.map
|