const householdModel = require("../models/household.model");
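// Middleware to check if user belongs to household
/**
 * Verifies that the authenticated user is a member of the household named by
 * the `:householdId` (or `:hId`) route parameter and attaches
 * `req.household = { id, role }` for downstream handlers.
 *
 * Responses: 401 if no authenticated user is on the request, 400 if the id is
 * absent or not a positive decimal integer, 403 if the user is not a member,
 * 500 if a model lookup throws. Calls next() on success.
 *
 * @param {object} req - Express request; reads req.user and req.params.
 * @param {object} res - Express response.
 * @param {Function} next - Next middleware in the chain.
 */
exports.householdAccess = async (req, res, next) => {
  try {
    // Authentication must have run first; without this guard the
    // `req.user.id` read below throws and surfaces as a misleading 500.
    if (!req.user) {
      return res.status(401).json({ error: "Authentication required" });
    }
    const userId = req.user.id;

    // Strict decimal check: parseInt would silently accept "12abc" as 12,
    // so the raw parameter is validated before it is parsed.
    const rawId = req.params.householdId || req.params.hId;
    const householdId = /^\d+$/.test(rawId) ? Number.parseInt(rawId, 10) : NaN;

    if (!Number.isInteger(householdId) || householdId <= 0) {
      return res.status(400).json({ error: "Household ID required" });
    }

    // Check if user is member of household
    const isMember = await householdModel.isHouseholdMember(householdId, userId);

    if (!isMember) {
      return res.status(403).json({
        error: "Access denied. You are not a member of this household."
      });
    }

    // Get user's role in household
    const role = await householdModel.getUserRole(householdId, userId);

    // Attach household info to request
    req.household = {
      id: householdId,
      role,
    };

    next();
  } catch (error) {
    console.error("Household access check error:", error);
    res.status(500).json({ error: "Server error checking household access" });
  }
};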
// Middleware to require specific household role(s)
/**
 * Builds an Express middleware that only admits requests whose
 * `req.household.role` is one of `allowedRoles`.
 *
 * Expects householdAccess to have populated req.household; responds 500 when
 * it has not, 403 when the role is not allowed, and calls next() otherwise.
 *
 * @param {...string} allowedRoles - Roles that may pass.
 * @returns {Function} Express middleware (req, res, next).
 */
exports.requireHouseholdRole = (...allowedRoles) => {
  // Computed once per middleware instance rather than per request.
  const requiredRolesText = allowedRoles.join(" or ");

  return (req, res, next) => {
    const household = req.household;

    if (!household) {
      return res.status(500).json({
        error: "Household context not set. Use householdAccess middleware first."
      });
    }

    const { role } = household;
    const isAllowed = allowedRoles.includes(role);

    if (isAllowed) {
      next();
      return;
    }

    return res.status(403).json({
      error: `Access denied. Required role: ${requiredRolesText}. Your role: ${role}`
    });
  };
};
// Middleware to require admin role in household
// Convenience wrapper over requireHouseholdRole for the single 'admin' role;
// like that middleware it relies on householdAccess having run first.
const HOUSEHOLD_ADMIN_ROLE = 'admin';
exports.requireHouseholdAdmin = exports.requireHouseholdRole(HOUSEHOLD_ADMIN_ROLE);
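// Middleware to check store access (household must have store)
/**
 * Verifies that the household already resolved on the request (req.household,
 * set by householdAccess) has access to the store named by the `:storeId`
 * (or `:sId`) route parameter, and attaches `req.store = { id }`.
 *
 * Responses: 400 if the id is absent or not a positive decimal integer,
 * 500 if req.household is missing or a model lookup throws, 403 if the
 * household does not have the store. Calls next() on success.
 *
 * @param {object} req - Express request; reads req.household and req.params.
 * @param {object} res - Express response.
 * @param {Function} next - Next middleware in the chain.
 */
exports.storeAccess = async (req, res, next) => {
  try {
    // Strict decimal check: parseInt would silently accept "7abc" as 7,
    // so the raw parameter is validated before it is parsed.
    const rawId = req.params.storeId || req.params.sId;
    const storeId = /^\d+$/.test(rawId) ? Number.parseInt(rawId, 10) : NaN;

    if (!Number.isInteger(storeId) || storeId <= 0) {
      return res.status(400).json({ error: "Store ID required" });
    }

    if (!req.household) {
      return res.status(500).json({
        error: "Household context not set. Use householdAccess middleware first."
      });
    }

    // Check if household has access to this store
    // NOTE(review): the model is required lazily here rather than at the top
    // of the file; presumably to avoid a require cycle — confirm before hoisting.
    const storeModel = require("../models/store.model");
    const hasStore = await storeModel.householdHasStore(req.household.id, storeId);

    if (!hasStore) {
      return res.status(403).json({
        error: "This household does not have access to this store."
      });
    }

    // Attach store info to request
    req.store = {
      id: storeId
    };

    next();
  } catch (error) {
    console.error("Store access check error:", error);
    res.status(500).json({ error: "Server error checking store access" });
  }
};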
// Middleware to require system admin role
/**
 * Admits only requests whose authenticated user carries the
 * 'system_admin' role. Responds 401 when no user is attached to the request,
 * 403 when the user has a different role, and calls next() otherwise.
 *
 * @param {object} req - Express request; reads req.user.role.
 * @param {object} res - Express response.
 * @param {Function} next - Next middleware in the chain.
 */
exports.requireSystemAdmin = (req, res, next) => {
  const { user } = req;

  if (!user) {
    return res.status(401).json({ error: "Authentication required" });
  }

  const isSystemAdmin = user.role === 'system_admin';

  if (isSystemAdmin) {
    next();
    return;
  }

  return res.status(403).json({
    error: "Access denied. System administrator privileges required."
  });
};