import express from "express";
import {
createProductManual,
getAllProductManuals,
getSingleProductManual,
updateProductManual,
deleteProductManual,
} from "./ProductManualController.js";
import {
isAuthenticatedUser,
authorizeRoles,
} from "../../middlewares/auth.js";
import { isAuthenticatedSalesCoOrdinator } from "../../middlewares/SalesCoOrdinatorAuth.js";
import { isAuthenticatedTerritoryManager } from "../../middlewares/TerritoryManagerAuth.js";
// Router that carries every product-manual endpoint defined in this file.
const router = express.Router();

// POST /create — create a product manual (admin only).
// The request passes through isAuthenticatedUser, then authorizeRoles("admin"),
// and only then reaches the controller.
router.post(
  "/create",
  isAuthenticatedUser,
  authorizeRoles("admin"),
  createProductManual
);
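/**
 * Read-access gate shared by the product-manual GET routes.
 *
 * The request is let through when it authenticates as a sales coordinator,
 * as a territory manager, or as a user whose role is "admin". The three
 * authenticators are tried in that order; each later one is consulted only
 * when the previous one reported an error through its callback.
 *
 * NOTE(review): this fallback relies on every authenticator signalling
 * failure by calling its `next` callback with an error. If one of them writes
 * a 401 response itself instead, the chain stops there and the remaining
 * roles are never tried — confirm against the middleware sources.
 *
 * @param {import("express").Request} req - incoming request
 * @param {import("express").Response} res - response, used for the 403 reply
 * @param {import("express").NextFunction} next - continues to the controller
 */
const allowManualReaders = (req, res, next) => {
  isAuthenticatedSalesCoOrdinator(req, res, (coordinatorErr) => {
    if (!coordinatorErr) {
      return next();
    }

    isAuthenticatedTerritoryManager(req, res, (managerErr) => {
      if (!managerErr) {
        return next();
      }

      isAuthenticatedUser(req, res, (userErr) => {
        // Fail closed: a missing req.user is treated as "not admin" and gets
        // the same 403, instead of throwing inside the callback.
        if (userErr || req.user?.role !== "admin") {
          return res.status(403).json({
            success: false,
            message: "Access denied. Unauthorized role.",
          });
        }
        return next();
      });
    });
  });
};

// GET / — list all product manuals
// (accessible to Sales Coordinator, Territory Manager, and Admin).
router.get("/", allowManualReaders, getAllProductManuals);

// GET /:id — fetch a single product manual by ID
// (accessible to Sales Coordinator, Territory Manager, and Admin).
router.get("/:id", allowManualReaders, getSingleProductManual);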
// PUT /update/:id — update the product manual with the given ID.
// Guarded by isAuthenticatedUser followed by authorizeRoles("admin").
router.put(
  "/update/:id",
  isAuthenticatedUser,
  authorizeRoles("admin"),
  updateProductManual
);
// DELETE /delete/:id — delete the product manual with the given ID.
// Guarded by isAuthenticatedUser followed by authorizeRoles("admin").
router.delete(
  "/delete/:id",
  isAuthenticatedUser,
  authorizeRoles("admin"),
  deleteProductManual
);

export default router;
// /api/productmanual