From 64f95c615c2a50dc5879bae4eead950b84dc7222 Mon Sep 17 00:00:00 2001
From: oduba samuel
Date: Mon, 22 Jul 2024 13:48:47 +0100
Subject: [PATCH] fix: fixed the user permission middleware and and the merge conflict

---
 src/middleware/checkUserRole.ts | 26 +++++++++++++++++++++-----
 1 file changed, 21 insertions(+), 5 deletions(-)

diff --git a/src/middleware/checkUserRole.ts b/src/middleware/checkUserRole.ts
index e9038f27..86e04c37 100644
--- a/src/middleware/checkUserRole.ts
+++ b/src/middleware/checkUserRole.ts
@@ -1,14 +1,30 @@
 import { Request, Response, NextFunction } from "express";
 import { UserRole } from "../enums/userRoles";
 import { Unauthorized } from "./error";
+import { User } from "../models";
+import AppDataSource from "../data-source";
+import jwt from 'jsonwebtoken';
 
 export const checkPermissions = (roles: UserRole[]) => {
-  return (req: Request, res: Response, next: NextFunction) => {
-    const user = req.user;
+  return async (req: Request & { user?: User }, res: Response, next: NextFunction) => {
+    const authHeader = req.headers['authorization'];
+    const token = authHeader && authHeader.split(' ')[1];
+    try {
+      const decodedToken = jwt.decode(token);
+      if (typeof decodedToken === 'string' || !decodedToken) {
+        return res.status(401).json({ status: 'error', message: 'Access denied. Invalid token' });
+      }
+      const userRepository = AppDataSource.getRepository(User);
+      const user = await userRepository.findOne({ where: { id: decodedToken.userId } });
+      console.log(user);
+      // if (user.role !== 'super_admin' )
       if (!user || !roles.includes(user.role)) {
-        throw new Unauthorized("You do not have permission to perform this action");
+        return res.status(401).json({ status: 'error', message: 'Access denied. Not an admin' });
       }
       next();
-  };
-};
+    } catch (error) {
+      res.status(401).json({ status: 'error', message: 'Access denied. Invalid token' });
+    }
+  }
+}
\ No newline at end of file
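Review bot: The new `const decodedToken = jwt.decode(token);` line only base64-decodes the payload and never checks the signature, so the middleware now grants a role-gated route to any request whose token carries an existing user's `userId` claim, regardless of who signed it; the check should be `const decodedToken = jwt.verify(token, <JWT_SECRET placeholder>);` with the signing secret/public key the rest of the app uses, so a forged or tampered token lands in the `catch` and gets the 401. The added `console.log(user);` writes the full `User` entity returned by `findOne` (whatever columns it holds) to the process log on every authorized request and should be removed before merge. A user whose token verifies but whose role is not in `roles` is authenticated-but-forbidden, so that branch reads better as `res.status(403)` than 401, and the `Unauthorized` import is now unused since the throw was replaced. It would also help downstream handlers if the loaded record were assigned to `req.user`, which the new `Request & { user?: User }` type declares but nothing in the hunk sets.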