akhilmeka/permit-api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: check for client match on GET endpoint of permits and processed

Browse Source
This commit is contained in:
Akhil Meka
2025-11-08 10:22:41 +05:30
parent 0fa88bea70
commit 894343db5a
4 changed files with 21 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/processed/processed.service.ts
View File

@@ -16,13 +16,21 @@ import { createAlert } from "../alert/alert.service";
import { getUser } from "../user/user.service";
import { orgModel } from "../organization/organization.schema";
export async function getProcessedPermit(permitId: String, tenantId: String) {
return await processedModel
export async function getProcessedPermit(
permitId: String,
user: AuthenticatedUser
) {
const permit = await processedModel
.findOne({
$and: [{ tenantId: tenantId }, { pid: permitId }],
$and: [{ tenantId: user.tenantId }, { pid: permitId }],
})
.populate({ path: "assignedTo", select: "pid name avatar" })
.populate({ path: "createdBy", select: "pid name avatar" });
if (permit && user.role == "client" && user.orgId != permit.client.toString())
return null;
return permit;
}
export async function updateProcessed(