fix: includeAll dos produtores

RomuloNogueira02 · RomuloNogueira02 · commit ee9606caf513 · 2023-06-17T16:15:48.000+01:00
diff --git a/src/controllers/producers.ts b/src/controllers/producers.ts
@@ -19,7 +19,6 @@ import { Authentication } from '../external/Authentication';
 import { hasPermissions } from '../utils/hasPermission';
 import type { ProductionUnitFilters } from '../interfaces/ProductionUnitFilters';
 import { StringSearchType } from '../enums/StringSearchType';
-import { UnauthorizedError } from '../errors/UnauthorizedError';
 
 @Controller('/producers')
 @Injectable()
@@ -67,7 +66,16 @@ export class ProducersController {
 				pageSize: Joi.number().integer().min(1),
 				includeAll: Joi.boolean().optional()
 			})
-		})
+		}),
+		async (req, res, next) => {
+			if (req.query.includeAll) {
+				// eslint-disable-next-line @typescript-eslint/no-empty-function
+				await authenticationMiddleware(req, res, () => {});
+				// eslint-disable-next-line @typescript-eslint/no-empty-function
+				await authorizationMiddleware({ permissions: Permission.READ_OTHER_PRODUCER })(req, res, () => {});
+			}
+			next();
+		}
 	])
 	public async getProducers(@Response() res: Express.Response, @Request() req: Express.Request) {
 		const options: PaginatedOptions = {
@@ -76,9 +84,6 @@ export class ProducersController {
 		};
 		let producers;
 		if (req.query.includeAll) {
-			if (!req.authUser) throw new UnauthorizedError('User is not authenticated');
-			const user = await container.userGateway.findByAuthId(req.authUser.uid);
-			if (!hasPermissions(user!, Permission.READ_OTHER_PRODUCER)) throw new ForbiddenError('User may not include all');
 			producers = await container.producerGateway.findAllWithDeletedAt(options);
 		}
 
@@ -196,14 +201,20 @@ export class ProducersController {
 			query: Joi.object({
 				includeAll: Joi.boolean().optional()
 			})
-		})
+		}),
+		async (req, res, next) => {
+			if (req.query.includeAll) {
+				// eslint-disable-next-line @typescript-eslint/no-empty-function
+				await authenticationMiddleware(req, res, () => {});
+				// eslint-disable-next-line @typescript-eslint/no-empty-function
+				await authorizationMiddleware({ permissions: Permission.READ_OTHER_PRODUCER })(req, res, () => {});
+			}
+			next();
+		}
 	])
 	public async getProducer(@Response() res: Express.Response, @Params('producerId') producerId: number, @Request() req: Express.Request) {
 		let producer;
 		if (req.query.includeAll) {
-			if (!req.authUser) throw new UnauthorizedError('User is not authenticated');
-			const user = await container.userGateway.findByAuthId(req.authUser.uid);
-			if (!hasPermissions(user!, Permission.READ_OTHER_PRODUCER)) throw new ForbiddenError('User may not include all');
 			producer = await container.producerGateway.findByIdWithDeletedAt(producerId);
 		}
 
diff --git a/src/middlewares/authorization.ts b/src/middlewares/authorization.ts
@@ -28,7 +28,6 @@ export const authorizationMiddleware = ({
 		const user = await container.userGateway.findByAuthId(req.authUser.uid, { populate: ['role'] });
 		if (!user) throw new NotFoundError('Authenticated user not found');
 		req.user = user;
-
 		// Bitwise AND operator to check if the user has the required permission(s)
 		let hasBasePermission = true;
 		// Default to none if the user has no role
