feat: check for client match on GET endpoint of permits and processed

2025-11-08 10:22:41 +05:30
parent 0fa88bea70
commit 894343db5a
4 changed files with 21 additions and 8 deletions


@@ -29,7 +29,7 @@ export async function getPermitHandler(req: FastifyRequest, res: FastifyReply) {
const { permitId } = req.params as { permitId: string };
try {
const permit = await getPermit(permitId, req.user.tenantId);
const permit = await getPermit(permitId, req.user);
if (permit === null)
return res.code(404).send({ error: "resource not found" });
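Review bot: After this change a null from getPermit has two meanings, "no such permit in this tenant" and "client user whose orgId is not the permit's client" (see the new check in permit.service), and the existing 404 on the next line answers both the same way; that is a sound choice but it is invisible at the call site. A one-line comment above the null check would keep the next maintainer from "fixing" it into a 403 that reveals the permit exists, e.g. `// null = not in tenant OR client user not the owner; 404 for both so the cases are indistinguishable`. getPermitHandler starts before this hunk and continues after it.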


@@ -91,15 +91,20 @@ export async function createPermit(
}
}
export async function getPermit(permitId: string, tenantId: string) {
return await permitModel
export async function getPermit(permitId: string, user: AuthenticatedUser) {
const permit = await permitModel
.findOne({
$and: [{ tenantId: tenantId }, { pid: permitId }],
$and: [{ tenantId: user.tenantId }, { pid: permitId }],
})
//.populate({ path: "county", select: "pid name avatar" })
//.populate({ path: "client", select: "pid name avatar" })
.populate({ path: "assignedTo", select: "pid name avatar" })
.populate({ path: "createdBy", select: "pid name avatar" });
if (permit && user.role == "client" && user.orgId != permit.client.toString())
return null;
return permit;
}
export async function listPermits(
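Review bot: The new ownership check `permit.client.toString()` throws a TypeError whenever the matched permit has no `client` set, so a client-role user hitting such a record gets a 500 instead of a denial, and the loose `!=` hides whether `user.orgId` is a string or an ObjectId; the same line appears in getProcessedPermit in the fourth file. Comparing canonical strings on both sides and treating a missing client as "not yours" closes both: `if (permit && user.role === "client" && String(permit.client ?? "") !== String(user.orgId))` followed by `return null;`. The `AuthenticatedUser` type used in the new signature is not imported in any line visible here; if the file does not already bring it in, it needs an `import type`. listPermits starts at the last line of this hunk and continues outside it.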


@@ -68,7 +68,7 @@ export async function processedRoutes(fastify: FastifyInstance) {
const { permitId } = req.params as { permitId: string };
try {
const permit = await getProcessedPermit(permitId, req.user.tenantId);
const permit = await getProcessedPermit(permitId, req.user);
return res.code(200).send(permit);
} catch (err) {
return err;
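Review bot: getProcessedPermit can now return null for a client user who does not own the permit, but this handler passes whatever comes back straight to `res.code(200).send(permit)`, so the denial (and a plain miss) is served as a 200 with an empty body, unlike the permit handler in this same commit which maps null to 404. Add `if (permit === null) return res.code(404).send({ error: "resource not found" });` before the 200 response. The surrounding `catch (err) { return err; }` also hands the raw error object back to the caller; since the new `permit.client.toString()` path can throw on a record with no client, that would expose an internal TypeError message to the requester, so log the error and send a generic 500 instead. The enclosing route handler starts before this hunk and ends after it.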


@@ -16,13 +16,21 @@ import { createAlert } from "../alert/alert.service";
import { getUser } from "../user/user.service";
import { orgModel } from "../organization/organization.schema";
export async function getProcessedPermit(permitId: String, tenantId: String) {
return await processedModel
export async function getProcessedPermit(
permitId: String,
user: AuthenticatedUser
) {
const permit = await processedModel
.findOne({
$and: [{ tenantId: tenantId }, { pid: permitId }],
$and: [{ tenantId: user.tenantId }, { pid: permitId }],
})
.populate({ path: "assignedTo", select: "pid name avatar" })
.populate({ path: "createdBy", select: "pid name avatar" });
if (permit && user.role == "client" && user.orgId != permit.client.toString())
return null;
return permit;
}
export async function updateProcessed(
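Review bot: The reworked signature keeps `permitId: String`, the boxed wrapper type, which accepts `new String(...)` objects and is what the linter flags under `@typescript-eslint/ban-types`; since the value only flows into the Mongoose filter, declare it as the primitive: `permitId: string,`. The ownership check on the populated document has the same missing-client and loose-equality concern raised on getPermit in permit.service, and the fix given there applies here unchanged. `AuthenticatedUser` is not among the imports visible in this hunk; if it is not imported elsewhere in the file it needs an `import type`. updateProcessed starts at the last line of this hunk and continues outside it.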