/**
 * User identity record for the first variant on this page, where account
 * membership, role and permissions are kept in separate collections.
 */
const userSchema = new Schema({
  first_name: String,
  last_name: String,
  // NOTE(review): no `required`, `unique` or format validation is declared for
  // email in this listing; confirm it is enforced elsewhere.
  email: String,
  phone: String,
  avatar: String,
  // NOTE(review): this listing does not show how the value is produced. It
  // should hold a salted password hash, never the plaintext. As a plain String
  // path it is returned by default queries, so callers must strip it before a
  // user document is serialised into a response or a log line.
  password: String,
  active: Boolean,
});

const User = mongoose.model('user', userSchema);
/**
 * Account record. `account_type` is either 'single' (the default) or
 * 'organization'; the access-check middleware on this page branches on it.
 */
const accountSchema = mongoose.Schema({
  account_type: {
    type: String,
    enum: ['single', 'organization'],
    default: 'single',
  },
  // Optional reference to the organization document.
  organization: {
    type: Schema.Types.ObjectId,
    ref: 'organization',
    required: false,
  },
  billing_address: String,
  shipping_address: String,
});

const Account = mongoose.model('account', accountSchema);
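/**
 * Membership record linking a user to an account, with the user's role
 * ('admin' or 'user', default 'user') inside that account.
 */
const accountUserSchema = mongoose.Schema({
  // NOTE(review): `user` is not marked required, so a membership row can be
  // saved without a user; confirm that is intended.
  user: { type: Schema.Types.ObjectId, ref: 'user' },
  role: { type: String, enum: ['admin', 'user'], default: 'user' },
  account: { type: Schema.Types.ObjectId, ref: 'account', required: true },
});

// The model is built from the schema declared just above. The original passed
// `accountUserRoleSchema`, a name that is not declared anywhere in this
// listing, which would throw a ReferenceError when the module loads.
const AccountUser = mongoose.model('accountUser', accountUserSchema);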
/**
 * Per-user grant for one permission type. Each of read / write / delete
 * defaults to false, so a freshly created row grants nothing.
 */
const permissionSchema = mongoose.Schema({
  user: {
    type: Schema.Types.ObjectId,
    ref: 'user',
    required: true,
  },
  // Field literally named `type`; the nested `{ type: ... }` object is its
  // Mongoose type declaration.
  type: {
    type: Schema.Types.ObjectId,
    ref: 'permissionType',
    required: true,
  },
  read: { type: Boolean, default: false, required: true },
  write: { type: Boolean, default: false, required: true },
  delete: { type: Boolean, default: false, required: true },
  // NOTE(review): the field is named `accountUser` but references the
  // 'account' model. Confirm which one is meant; if a user can belong to
  // several accounts, the grant should be tied to the membership row so a
  // permission given in one account is not honoured in another.
  accountUser: {
    type: Schema.Types.ObjectId,
    ref: 'account',
    required: true,
  },
});

const Permission = mongoose.model('permission', permissionSchema);
/**
 * Lookup table of permission types; each row carries only a required name.
 */
const permissionTypeSchema = mongoose.Schema({
  name: {
    type: String,
    required: true,
  },
});

const PermissionType = mongoose.model('permissionType', permissionTypeSchema);
/**
 * Organization profile (name and logo are required) with an optional
 * back-reference to the owning account.
 */
const organizationSchema = mongoose.Schema({
  account: {
    type: Schema.Types.ObjectId,
    ref: 'account',
  },
  name: { type: String, required: true },
  logo: { type: String, required: true },
});

const Organization = mongoose.model('organization', organizationSchema);
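module.exports = {
  /**
   * Build an Express middleware that authorises the authenticated user.
   *
   * Every path through the middleware ends the request: it calls `next()`,
   * sends 401/403, or forwards an error. The original fell off the end on
   * each non-granting path, leaving the request without a response.
   *
   * @param {*} permission_type - permission type the route needs. Not consulted
   *   yet: the organization branch is still a TODO.
   * @param {string} action - flag to test on the permission row; presumably
   *   one of 'read' | 'write' | 'delete' (the Boolean fields of the permission
   *   schema). Not consulted yet.
   * @returns {Function} async `(req, res, next)` middleware.
   */
  checkAccess: (permission_type, action) => {
    return async (req, res, next) => {
      // `req.user` is expected to be set by the JWT authentication step that
      // runs before this middleware; without it the caller is unauthenticated.
      if (!req.user) {
        return res.status(401).json({ message: 'Authentication required' });
      }

      try {
        // The query must be awaited: an un-awaited Query object is always
        // truthy and carries no `account`. `AccountUser` is the membership
        // model; the selected field is `account_type`, the name the account
        // schema declares. Coercing the id to a string keeps a non-scalar
        // `_id` from reaching the filter as an operator object; Mongoose casts
        // the string to an ObjectId and rejects malformed input.
        // NOTE(review): findOne returns a single membership. If a user may
        // belong to several accounts, the account being acted on has to come
        // from the request and be part of this filter.
        const accountUser = await AccountUser
          .findOne({ user: String(req.user._id) })
          .populate('account', 'account_type');

        const account = accountUser ? accountUser.account : null;
        const accountType = account ? account.account_type : undefined;

        // Single-user accounts are granted access without a permission row.
        if (accountType === 'single') {
          return next();
        }

        if (accountType === 'organization') {
          // TODO: find the user's permission row for `permission_type` and call
          // next() only when its `action` flag is strictly true. Validate
          // `action` against the known flags (read / write / delete) before
          // using it as a property name. Until that lookup exists, execution
          // falls through to the deny below.
        }

        // Deny by default: no membership, no account, unknown account type, or
        // an organization account whose permission check is not implemented.
        return res.status(403).json({ message: 'Access denied' });
      } catch (err) {
        // A rejected promise inside an async middleware is not picked up by
        // Express 4 on its own; hand it to the error handler explicitly.
        return next(err);
      }
    };
  },
};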
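/**
 * Second variant on this page: account link, role and permission grants are
 * embedded in the user document instead of separate collections. It declares
 * `userSchema` and `User` again, so it cannot share one module scope with the
 * first variant.
 */
const userSchema = new Schema({
  first_name: String,
  last_name: String,
  email: String,
  phone: String,
  avatar: String,
  // NOTE(review): should hold a salted password hash, never the plaintext;
  // hashing is not shown in this listing.
  password: String,
  // The original had no comma after this field, which is a syntax error.
  active: Boolean,
  account: { type: Schema.Types.ObjectId, ref: 'account' },
  // NOTE(review): role and grants now live on the user document itself, so any
  // update path that copies request fields onto a user must exclude `role`
  // and the permission array, or a user could raise their own privileges.
  role: { type: String, enum: ['admin', 'user'], default: 'user' },
  // NOTE(review): `permssion` looks like a misspelling of `permission`. The key
  // is kept as written because it is the stored field name; rename it before
  // any data is written if that is the intent.
  permssion: [
    {
      type: { type: Schema.Types.ObjectId, ref: 'permissionType', required: true },
      // Each flag defaults to false, so a new entry grants nothing.
      read: { type: Boolean, default: false, required: true },
      write: { type: Boolean, default: false, required: true },
      delete: { type: Boolean, default: false, required: true },
    },
  ],
});

const User = mongoose.model('user', userSchema);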
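/**
 * Second-variant account record with the organization profile embedded.
 * It declares `accountSchema` and `Account` again, so it cannot share one
 * module scope with the first variant.
 */
const accountSchema = mongoose.Schema({
  account_type: {
    type: String,
    enum: ['single', 'organization'],
    default: 'single',
  },
  organization: {
    // Required only for organization accounts. With an unconditional
    // `required: true`, as in the original, a 'single' account (the default
    // type) would fail validation for lacking an organization name and logo.
    // A regular function is used so `this` is the document being validated.
    name: {
      type: String,
      required: function () {
        return this.account_type === 'organization';
      },
    },
    logo: {
      type: String,
      required: function () {
        return this.account_type === 'organization';
      },
    },
  },
  billing_address: String,
  shipping_address: String,
});

const Account = mongoose.model('account', accountSchema);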
/**
 * Permission-type lookup for the second variant. It matches the declaration
 * earlier in the listing: a single required `name`.
 */
const permissionTypeSchema = mongoose.Schema({
  name: {
    type: String,
    required: true,
  },
});

const PermissionType = mongoose.model('permissionType', permissionTypeSchema);