23 lines
971 B
TypeScript
23 lines
971 B
TypeScript
import {NextFunction} from "express";
|
|
|
|
import {IWorkLenzRequest} from "../../interfaces/worklenz-request";
|
|
import {IWorkLenzResponse} from "../../interfaces/worklenz-response";
|
|
import {ServerResponse} from "../../models/server-response";
|
|
import ProjectsController from "../../controllers/projects-controller";
|
|
|
|
export default async function (req: IWorkLenzRequest, res: IWorkLenzResponse, next: NextFunction): Promise<IWorkLenzResponse | void> {
|
|
|
|
let is_project_manager = false;
|
|
|
|
if (req.query.current_project_id) {
|
|
const result = await ProjectsController.getProjectManager(req.query.current_project_id as string);
|
|
if (result.length)
|
|
if (req.user && (result[0].team_member_id === req.user?.team_member_id)) is_project_manager = true;
|
|
}
|
|
|
|
if (req.user && (req.user.owner || req.user.is_admin || is_project_manager))
|
|
return next();
|
|
return res.status(401).send(new ServerResponse(false, null, "You are not authorized to perform this action"));
|
|
}
|
|
|