Add description

2024-05-12 21:16:54 +07:00 · 2024-05-12 21:16:54 +07:00 · dca701ba70
commit dca701ba70
parent 3f6753d7d4
1 changed files with 27 additions and 7 deletions
--- a/apps/backend/src/middlewares/checkPermission.ts
+++ b/apps/backend/src/middlewares/checkPermission.ts
@ -3,19 +3,39 @@ import { PermissionCode } from "../data/permissions";
 import HonoEnv from "../types/HonoEnv";
 import { unauthorized } from "../errors/DashboardError";

+/**
+ * Creates a middleware to check if the current user has the required permissions.
+ *
+ * This middleware checks if the current user's permissions include any of the specified
+ * permissions required to proceed. It allows proceeding if the user has the requisite
+ * permissions or denies access by triggering an unauthorized error.
+ *
+ * @param {PermissionCode[]} permissions - An array of permissions to check against the current user's permissions.
+ * @returns {import('hono').Middleware<HonoEnv>} A middleware function for the Hono framework.
+ */
 const checkPermission = (...permissions: PermissionCode[]) =>
 	createMiddleware<HonoEnv>(async (c, next) => {
-		if (permissions.includes("*")) await next();
-		else if (c.var.currentUser) {
-			if (
-				c.var.currentUser.permissions.some((p) =>
+		// Allow all operations if the permissions include a wildcard "*"
+		if (permissions.includes("*")) {
+			await next();
+			return;
+		}
+
+		const currentUser = c.var.currentUser;
+		// Proceed if the user exists and has any of the required permissions
+		if (currentUser) {
+			const hasPermission = currentUser.permissions.some((p) =>
 				permissions.includes(p)
-				)
-			)
+			);
+			if (hasPermission) {
 				await next();
 			} else {
 				unauthorized();
 			}
+		} else {
+			// No current user found, trigger unauthorized error
+			unauthorized();
+		}
 	});

 export default checkPermission;