d7fb7b7a7b
Build & Deploy / Build & Push Docker Image (push) Failing after 47s
Build & Deploy / Deploy to VPS (push) Has been skipped
Test / API Unit Tests (push) Failing after 5m4s
Test / Marketplace Unit Tests (push) Failing after 4m55s
Test / Admin Unit Tests (push) Successful in 9m37s
Test / Dashboard Unit Tests (push) Successful in 9m37s
Test / API Integration Tests (push) Successful in 9m54s
33 lines
1006 B
TypeScript
33 lines
1006 B
TypeScript
import { Request, Response, NextFunction } from 'express'
|
|
import { EmployeeRole } from '@rentaldrivego/database'
|
|
import { sendUnauthorized, sendForbidden } from './authHelpers'
|
|
|
|
const ROLE_RANK: Record<EmployeeRole, number> = {
|
|
OWNER: 3,
|
|
MANAGER: 2,
|
|
AGENT: 1,
|
|
}
|
|
|
|
/**
|
|
* Requires the authenticated employee to have at least `minimumRole`.
|
|
* Must be applied after `requireCompanyAuth`.
|
|
*/
|
|
export function requireRole(minimumRole: EmployeeRole) {
|
|
return (req: Request, res: Response, next: NextFunction) => {
|
|
const employee = req.employee
|
|
if (!employee) return sendUnauthorized(res, 'unauthenticated', 'Authentication required')
|
|
|
|
const employeeRank = ROLE_RANK[employee.role] ?? 0
|
|
const requiredRank = ROLE_RANK[minimumRole] ?? 99
|
|
|
|
if (employeeRank < requiredRank) {
|
|
return sendForbidden(res, 'forbidden', `This action requires the ${minimumRole} role or higher`, {
|
|
requiredRole: minimumRole,
|
|
yourRole: employee.role,
|
|
})
|
|
}
|
|
|
|
next()
|
|
}
|
|
}
|