npm - @konplit-services/common - Versions diffs - 1.0.123 → 1.0.125 - Mend

@konplit-services/common 1.0.123 → 1.0.125

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/build/middlewares/permission.d.ts +2 -1
package/build/middlewares/permission.js +4 -1
package/build/middlewares/validate-fields.js +4 -5
package/package.json +1 -1

package/build/middlewares/permission.d.ts CHANGED Viewed

@@ -1,5 +1,6 @@
 import { NextFunction, Request, Response } from "express";
 import { JWT_Data } from "../services/Jwt";
+import { USER_TYPES } from "../helper";
 declare global {
     namespace Express {
         interface Request {
@@ -7,4 +8,4 @@ declare global {
         }
     }
 }
-export declare const hasPermission: (permissionCode: string) => (req: Request, res: Response, next: NextFunction) => Promise<void>;
+export declare const hasPermission: (userType: USER_TYPES, permissionCode: string) => (req: Request, res: Response, next: NextFunction) => Promise<void>;

package/build/middlewares/permission.js CHANGED Viewed

@@ -16,13 +16,16 @@ const error_codes_1 = require("../helper/errorCodes/error-codes");
 const language_1 = require("../helper/lang/language");
 const base_1 = require("../redis/base");
 const constants_1 = require("../redis/constants");
-const hasPermission = (permissionCode) => {
+const hasPermission = (userType, permissionCode) => {
     return (req, res, next) => __awaiter(void 0, void 0, void 0, function* () {
         //comment
         if (!req.currentUser) {
             throw new notAuthorized_1.NotAuthorizedError(language_1.lang.not_authorized, error_codes_1.error_codes.INVALID_AUTHORIZATION);
         }
         const user = req.currentUser;
+        if (userType !== user.userType) {
+            throw new forbidden_error_1.ForbiddenError(language_1.lang.forbidden, error_codes_1.error_codes.INVALID_FORBIDDEN);
+        }
         try {
             let permissions = [];
             const perm = yield base_1.redisWrapper.get((0, constants_1.getPermissions)(user.id));

package/build/middlewares/validate-fields.js CHANGED Viewed

@@ -18,10 +18,9 @@ const validAllowedFields = (allowFields) => {
             const params = Object.keys(req.params);
             const query = Object.keys(req.query);
             const body = Object.keys(req.body);
-            const submittedFields = [
-                ...params,
-                ...query,
-                ...body,
+            const submittedFields = [...params, ...query, ...body];
+            const newAllowedFields = [
+                ...allowFields,
                 "search",
                 "page",
                 "limit",
@@ -30,7 +29,7 @@ const validAllowedFields = (allowFields) => {
                 "sort_by",
                 "order",
             ];
-            const extraFields = submittedFields.filter((field) => !allowFields.includes(field));
+            const extraFields = submittedFields.filter((field) => !newAllowedFields.includes(field));
             if (extraFields.length > 0) {
                 throw new errors_1.BadRequestError(`Extra fields submitted: ${extraFields.join(", ")}`, error_codes_1.error_codes.INVALID_INPUT);
             }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@konplit-services/common",
-  "version": "1.0.123",
+  "version": "1.0.125",
   "description": "",
   "main": "./build/index.js",
   "types": "./build/index.d.ts",