In this example, I have 4 models: User, Company, Project, Plant (my real project has more: Plant, Job, Team...).
Model User: name, role, company: { id, role }, projects: [ { id, role } ], plants: [ { id, role } ]
Model Company: name, members [ ], projects [ ]
Model Project: title, members [ ], company, plants [ ]
Model Plant: title, members [ ], project, jobs [ ]
First, I wrote some simple code to check roles (in middleware.js):
/**
 * Tell whether a user holds the global "admin" role.
 *
 * The comparison is strict and case-sensitive: only the exact string
 * "admin" matches, so "Admin" or a missing role yields false.
 *
 * @param {{ role?: string }} user - The signed-in user object.
 * @returns {boolean} True when `user.role` is exactly "admin".
 * @throws {TypeError} If `user` is null or undefined.
 */
const isAdmin = (user) => user.role === "admin";
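/**
 * Tell whether a user belongs to the given company.
 *
 * This is an authorization predicate, so it fails closed: a missing user,
 * a user without a company, a company without an id, or a missing
 * `companyId` all yield `false` instead of throwing or returning a
 * non-boolean value.
 *
 * @param {{ company?: { id?: { equals: Function } } }} user - The signed-in
 *   user. `company.id` must expose an `equals` method (presumably a Mongoose
 *   ObjectId; confirm against the User schema).
 * @param {*} companyId - Id of the company to compare against.
 * @returns {boolean} True only when the user's company id equals `companyId`.
 */
const isCompanyMember = (user, companyId) => {
  // No target company means nobody can be a member of it.
  if (companyId === null || companyId === undefined) {
    return false;
  }

  const company = user ? user.company : undefined;
  const ownCompanyId = company ? company.id : undefined;
  if (!ownCompanyId) {
    return false;
  }

  // Normalise to a strict boolean so callers never see undefined/null.
  return Boolean(ownCompanyId.equals(companyId));
};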
To check multiple permissions, I wrote a function that I always use in middleware.
/**
 * Combine several permission check results with OR semantics.
 *
 * Access is granted as soon as ANY single check is truthy, so every check
 * passed here must be sufficient on its own to authorize the action.
 * The arguments are plain values: the caller evaluates all of them before
 * this function runs, so nothing is short-circuited and an exception in any
 * check happens at the call site.
 *
 * @param {...*} checks - Results of individual permission checks.
 * @returns {number} 1 when at least one check is truthy, otherwise 0
 *   (also 0 when called with no arguments).
 */
const checkPermit = (...checks) => (checks.some(Boolean) ? 1 : 0);
After that, I wrote this function to get the list of users by project id (in controller.js):
/**
 * Express handler: respond with the members of the project named in the URL.
 *
 * Reads `req.params.projectId`, loads that project restricted to its
 * `members` field, and populates each member with its `name`.
 * This handler performs no authorization of its own; it relies entirely on
 * the middleware mounted before it on the route.
 *
 * @param {object} req - Express request; `req.params.projectId` is read.
 * @param {object} res - Express response; receives the JSON payload.
 * @param {Function} next - Called with "Project not found" when no project
 *   matches, or with the caught error when the lookup throws.
 * @returns {Promise<*>}
 */
const getListUsersByProjectId = async (req, res, next) => {
  const projectId = req.params.projectId;

  try {
    // Only the member list is fetched, and of each member only the name.
    const membersQuery = Project.findById(projectId)
      .select("members")
      .populate("members", "name");
    const found = await membersQuery;

    if (!found) {
      return next("Project not found");
    } else {
      res.json({
        result: 'ok',
        message: "Find list of users successfully",
        data: found,
      });
    }
  } catch (err) {
    next(err);
  }
};
To find a project easily in the router, I wrote a function:
/**
 * Look up a project by its id.
 *
 * Thin wrapper around `Project.findById`; the result of that call is
 * returned unchanged, so callers are expected to `await` it.
 *
 * @param {*} projectId - Id of the project to load.
 * @returns {*} Whatever `Project.findById(projectId)` returns.
 */
const findProject = (projectId) => Project.findById(projectId);
Finally, I wrote the router (in router.js):
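// GET /get-list-users/:projectId
// Pipeline: authenticate -> authorize against the project -> list members.
router.get(
  '/get-list-users/:projectId',
  // authentication.required sets the signed-in user on req.user.
  authentication.required,
  // Authorization gate: only a global admin or a member of the project's
  // company may reach the handler below.
  async (req, res, next) => {
    try {
      const { user } = req;
      const project = await findProject(req.params.projectId);
      if (!project) {
        // NOTE(review): this message differs from the authorization failure
        // below, so any authenticated caller can tell whether a project id
        // exists. Return the same error for both cases if that matters.
        return next("Can not find project");
      }

      // Both checks are evaluated here, before checkPermit runs; if either
      // one throws, the catch below forwards the error and the request does
      // not reach the handler.
      const permit = checkPermit(
        isAdmin(user),
        isCompanyMember(user, project.company)
      );
      if (permit) {
        return next();
      }

      // NOTE(review): next() receives a bare string, so the HTTP status is
      // chosen by the Express error handler (not shown here); confirm it
      // answers 403 rather than a generic 500.
      return next("You don't have authorization to do this action!");
    } catch (error) {
      return next(error);
    }
  },
  getListUsersByProjectId
);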
This is my idea and it works well, but this code is not fun! How can I make this code cleaner? I would like your help!