
In my example, I have four models: User, Company, Project, and Plant (though my project technically has more: Plant, Job, Team, etc.).

```
Model User: name, role, company: { id, role }, projects: [ { id, role } ], plants: [ { id, role } ]
Model Company: name, members [ ], projects [ ]
Model Project: title, members [ ], company, plants [ ]
Model Plant: title, members [ ], project, jobs [ ]
```

First, I wrote a simple script to check the role of a given user (middleware.js):

```javascript
const isAdmin = (user) => {
    return user.role === "admin"
}

const isCompanyMember = (user, companyId) => {
    return user.company.id && user.company.id.equals(companyId)
}
```

To check multiple permissions, I wrote a function that always gets used in the middleware.

```javascript
const checkPermit = (...checks) => {
    let permit = 0
    for (let i = 0; i < checks.length; i++) {
        if (checks[i]) permit = 1
    }
    return permit
}
```

Afterwards, I wrote this function to get a list of users by project ID (controller.js):

```javascript
const getListUsersByProjectId = async (req, res, next) => {
    const { projectId } = req.params
    try {
        const project = await Project.findById(projectId)
            .select("members")
            .populate("members", "name")
        if (!project) return next("Project not found")
        res.json({
            result: 'ok',
            message: "Find list of users successfully",
            data: project
        })
    } catch (error) {
        next(error)
    }
}
```

To more easily find a given project by its ID, I wrote this helper function:

```javascript
const findProject = (projectId) => {
    return Project.findById(projectId)
}
```

Finally, I wrote the router (router.js):

```javascript
router.get('/get-list-users/:projectId',
    authentication.required,
    // I set signed user to req.user in function authentication.required
    async (req, res, next) => {
        try {
            let { user } = req
            let project = await findProject(req.params.projectId)
            if (!project) return next("Can not find project")
            let permit = checkPermit(
                isAdmin(user),
                isCompanyMember(user, project.company)
            )
            if (permit) return next()
            else return next("You don't have authorization to do this action!")
        } catch (error) {
            next(error)
        }
    },
    getListUsersByProjectId
)
```

It's working well and as intended, but the code isn't particularly fun to work with! How can I improve the code and make it more clean?

Aleksandr Hovhannisyan
asked Aug 12, 2019 at 15:53
Nguyen Van Tuan
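One way to restructure the route's permission check into a reusable, deny-by-default middleware factory, as an added example that is not part of the original post. The names `authorizeProject`, `isPermitted`, `httpError`, `loadProject` and `run` are hypothetical, the sample data is constructed, and IDs are compared as strings here instead of with the ObjectId `.equals()` used in the post.

```javascript
// Added example, not the poster's code. A policy is a predicate (user, project) => boolean.
const isAdmin = (user) => user.role === "admin";

// Optional chaining: a user without a company is simply not a member (no TypeError).
const isCompanyMember = (user, project) => {
  const id = user.company?.id;
  return Boolean(id) && String(id) === String(project.company);
};

// Pure decision: allow only if at least one policy returns exactly true (empty list denies).
const isPermitted = (user, project, policies) =>
  policies.some((policy) => policy(user, project) === true);

// Error carrying an HTTP status so the error handler can answer 403/404 instead of 500.
const httpError = (status, message) => Object.assign(new Error(message), { status });

// Middleware factory. `loadProject` is an injected async loader (assumption: the post's
// findProject fits), so the check can be exercised without a database.
const authorizeProject = (loadProject, ...policies) => async (req, res, next) => {
  try {
    const project = await loadProject(req.params.projectId);
    if (!project) return next(httpError(404, "Project not found"));
    if (!req.user || !isPermitted(req.user, project, policies)) {
      return next(httpError(403, "Forbidden"));
    }
    req.project = project; // the controller can reuse it instead of a second lookup
    return next();
  } catch (error) {
    return next(error);
  }
};

// Route wiring with the post's names would then read:
//   router.get('/get-list-users/:projectId', authentication.required,
//     authorizeProject(findProject, isAdmin, isCompanyMember), getListUsersByProjectId)

// Constructed sample data standing in for MongoDB documents.
const projects = { p1: { company: "c1", members: ["u1"] } };
const loadProject = async (id) => projects[id] || null;
const guard = authorizeProject(loadProject, isAdmin, isCompanyMember);

// Demo helper: run the middleware and report what it passed to next().
const run = async (user, projectId) => {
  let outcome;
  await guard({ user, params: { projectId } }, {}, (err) => { outcome = err ? err.status : "allowed"; });
  return outcome;
};
```

Each policy receives the loaded project, so adding a rule such as project membership means writing one more predicate and passing it to the factory.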
