Refactor company profile endpoint and middleware

NIAEFEUP · Mar 7, 2023 · ba7c65b · ba7c65b
1 parent b564cea
commit ba7c65b
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 39 deletions.
diff --git a/src/api/middleware/company.js b/src/api/middleware/company.js
@@ -85,45 +85,41 @@ export const profileComplete = async (req, res, next) => {
  return next();
 };
 
-export const restrictedAccess = (owner) => async (req, res, next) => {
- const company = await (new CompanyService()).findById(owner, true);
- let error = {};
-
- if (req.params?.companyId === req.user.company) {
- let reason = ValidationReasons.UNKNOWN;
+export const canAccessProfile = (companyId) => async (req, res, next) => {
+ const company = await new CompanyService().findById(companyId, true);
 
- if (company.isBlocked)
- reason = ValidationReasons.COMPANY_BLOCKED;
- else if (company.isDisabled)
- reason = ValidationReasons.COMPANY_DISABLED;
-
- error = new APIError(
- HTTPStatus.OK,
+ const notFound = () =>
+ new APIError(
+ HTTPStatus.UNPROCESSABLE_ENTITY,
  ErrorTypes.VALIDATION_ERROR,
- reason,
- { company: company }
+ [
+ {
+ value: companyId,
+ msg: ValidationReasons.COMPANY_NOT_FOUND(companyId),
+ param: "companyId",
+ location: "params",
+ },
+ ]
  );
- } else {
- error = new APIError(
- HTTPStatus.FORBIDDEN,
- ErrorTypes.FORBIDDEN,
- ValidationReasons.NOT_FOUND
+
+ const errorOrNotFound = (reason) =>
+ companyId === req.user?.company?.toString() || req.hasAdminPrivileges
+ ? new APIError(HTTPStatus.FORBIDDEN, ErrorTypes.FORBIDDEN, reason)
+ : notFound();
+
+ if (!company.hasFinishedRegistration)
+ return next(
+ errorOrNotFound(ValidationReasons.REGISTRATION_NOT_FINISHED)
  );
- }
 
- return next(error);
-};
+ if (req.hasAdminPrivileges)
+ return next();
 
-export const registrationStatus = (owner) => async (req, res, next) => {
- const company = await (new CompanyService()).findById(owner, true);
+ if (company.isBlocked)
+  return next(errorOrNotFound(ValidationReasons.COMPANY_BLOCKED));
 
- if (!company.hasFinishedRegistration) {
- return next(new APIError(
- HTTPStatus.FORBIDDEN,
- ErrorTypes.FORBIDDEN,
- (req.params?.companyId !== req.user.company) ? ValidationReasons.NOT_FOUND : ValidationReasons.REGISTRATION_NOT_FINISHED
- ));
- }
+ if (company.isDisabled && companyId !== req.user?.company?.toString())
+ return next(notFound());
 
  return next();
 };

diff --git a/src/api/routes/company.js b/src/api/routes/company.js
@@ -75,14 +75,23 @@ export default (app) => {
 
  router.get("/:companyId",
  validators.profile,
- (req, res, next) => companyMiddleware.restrictedAccess(req.params.companyId)(req, res, next),
- (req, res, next) => companyMiddleware.registrationStatus(req.params.companyId)(req, res, next),
+ (req, res, next) => companyMiddleware.canAccessProfile(req.params.companyId)(req, res, next),
  async (req, res) => {
- const company = await new CompanyService().findById(req.params.companyId, req.hasAdminPrivileges, req.hasAdminPrivileges);
- const offers = (await new OfferService()
- .getOffersByCompanyId(req.params.companyId, req.targetOwner, req.hasAdminPrivileges, {
- sort: { publishDate: "desc" }, limit: CompanyConstants.offers.max_profile_visible
- })
+ const company = await new CompanyService().findById(
+ req.params.companyId,
+ // Can be safely set to true, as the middleware takes
+ // care of validation for us
+ true,
+ req.hasAdminPrivileges
+ );
+ const offers = await new OfferService().getOffersByCompanyId(
+ req.params.companyId,
+ req.targetOwner,
+ req.hasAdminPrivileges,
+ {
+ sort: { publishDate: "desc" },
+ limit: CompanyConstants.offers.max_profile_visible,
+ }
  );
  return res.json({ company, offers });
  }