Refactor company profile endpoint and middleware
ttoino committed Nov 17, 2022
1 parent 2ab947d commit 3fa347c
Showing 2 changed files with 44 additions and 39 deletions.
60 changes: 28 additions & 32 deletions src/api/middleware/company.js
Expand Up @@ -85,45 +85,41 @@ export const profileComplete = async (req, res, next) => {
return next();
};

export const restrictedAccess = (owner) => async (req, res, next) => {
const company = await (new CompanyService()).findById(owner, true);
let error = {};

if (req.params?.companyId === req.user.company) {
let reason = ValidationReasons.UNKNOWN;
export const canAccessProfile = (companyId) => async (req, res, next) => {
const company = await new CompanyService().findById(companyId, true);

if (company.isBlocked)
reason = ValidationReasons.COMPANY_BLOCKED;
else if (company.isDisabled)
reason = ValidationReasons.COMPANY_DISABLED;

error = new APIError(
HTTPStatus.OK,
const notFound = () =>
new APIError(
HTTPStatus.UNPROCESSABLE_ENTITY,
ErrorTypes.VALIDATION_ERROR,
reason,
{ company: company }
[
{
value: companyId,
msg: ValidationReasons.COMPANY_NOT_FOUND(companyId),
param: "companyId",
location: "params",
},
]
);
} else {
error = new APIError(
HTTPStatus.FORBIDDEN,
ErrorTypes.FORBIDDEN,
ValidationReasons.NOT_FOUND

const errorOrNotFound = (reason) =>
companyId === req.user?.company?.toString() || req.hasAdminPrivileges
? new APIError(HTTPStatus.FORBIDDEN, ErrorTypes.FORBIDDEN, reason)
: notFound();

if (!company.hasFinishedRegistration)
return next(
errorOrNotFound(ValidationReasons.REGISTRATION_NOT_FINISHED)
);
}

return next(error);
};
if (req.hasAdminPrivileges)
return next();

export const registrationStatus = (owner) => async (req, res, next) => {
const company = await (new CompanyService()).findById(owner, true);
if (company.isBlocked)
return next(errorOrNotFound(ValidationReasons.COMPANY_BLOCKED));

if (!company.hasFinishedRegistration) {
return next(new APIError(
HTTPStatus.FORBIDDEN,
ErrorTypes.FORBIDDEN,
(req.params?.companyId !== req.user.company) ? ValidationReasons.NOT_FOUND : ValidationReasons.REGISTRATION_NOT_FINISHED
));
}
if (company.isDisabled && companyId !== req.user?.company?.toString())
return next(notFound());

return next();
};
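Review bot: `company` is dereferenced at `if (!company.hasFinishedRegistration)` with no null check, so a `findById` that resolves to nothing would throw inside this async middleware instead of yielding the not-found error built just above it. Whether `validators.profile` already guarantees the company exists is not visible in this section; if it does not, add `if (!company) return next(notFound());` before the first state check. The ownership test `companyId === req.user?.company?.toString()` is also written twice (in `errorOrNotFound` and in the disabled check); hoisting it into a single `const isOwner = ...` keeps the two in step, which matters because that comparison decides whether a caller is told the company exists. A short comment above `canAccessProfile` stating that non-owner, non-admin callers get the same COMPANY_NOT_FOUND response for blocked, disabled and unfinished companies would record that intent for the next maintainer.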
23 changes: 16 additions & 7 deletions src/api/routes/company.js
Expand Up @@ -75,14 +75,23 @@ export default (app) => {

router.get("/:companyId",
validators.profile,
(req, res, next) => companyMiddleware.restrictedAccess(req.params.companyId)(req, res, next),
(req, res, next) => companyMiddleware.registrationStatus(req.params.companyId)(req, res, next),
(req, res, next) => companyMiddleware.canAccessProfile(req.params.companyId)(req, res, next),
async (req, res) => {
const company = await new CompanyService().findById(req.params.companyId, req.hasAdminPrivileges, req.hasAdminPrivileges);
const offers = (await new OfferService()
.getOffersByCompanyId(req.params.companyId, req.targetOwner, req.hasAdminPrivileges, {
sort: { publishDate: "desc" }, limit: CompanyConstants.offers.max_profile_visible
})
const company = await new CompanyService().findById(
req.params.companyId,
// Can be safely set to true, as the middleware takes
// care of validation for us
true,
req.hasAdminPrivileges
);
const offers = await new OfferService().getOffersByCompanyId(
req.params.companyId,
req.targetOwner,
req.hasAdminPrivileges,
{
sort: { publishDate: "desc" },
limit: CompanyConstants.offers.max_profile_visible,
}
);
return res.json({ company, offers });
}
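Review bot: The hard-coded `true` passed to `findById` makes this handler's safety depend on `canAccessProfile` staying in the chain ahead of it, and the comment names neither that middleware nor what the flag bypasses. From the middleware section the second argument appears to lift a visibility filter in the service (its definition is not shown); if so, a later reorder or removal of the middleware line would let this handler return blocked or disabled profiles. Consider naming the dependency in the comment, e.g. `// canAccessProfile has already rejected companies this caller may not see, so the service-level visibility filter is skipped`, or have the middleware hand over the company it loaded (for example on `res.locals`) so the access decision and the response use the same record. The enclosing `export default (app) => {` body starts and ends outside this hunk.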
