groot/automatisch
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: incorporate NotAuthorized error in error handler

Browse Source
This commit is contained in:
Ali BARIN
2024-08-29 14:19:17 +00:00
parent 01340f4597
commit 7a54ff212e
4 changed files with 16 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
packages/backend/src/helpers/authorization.js
View File

@@ -1,3 +1,5 @@
import NotAuthorizedError from '../errors/not-authorized.js';
const authorizationList = {
'GET /api/v1/users/:userId': {
action: 'read',
@@ -86,12 +88,8 @@ export const authorizeUser = async (request, response, next) => {
request.method + ' ' + request.baseUrl + request.route.path;
const currentRouteRule = authorizationList[currentRoute];
try {
request.currentUser.can(currentRouteRule.action, currentRouteRule.subject);
next();
} catch (error) {
return response.status(403).end();
}
request.currentUser.can(currentRouteRule.action, currentRouteRule.subject);
next();
};
export const authorizeAdmin = async (request, response, next) => {
@@ -100,6 +98,6 @@ export const authorizeAdmin = async (request, response, next) => {
if (role?.isAdmin) {
next();
} else {
return response.status(403).end();
throw new NotAuthorizedError();
}
};