35 lines
1.4 KiB
JavaScript
35 lines
1.4 KiB
JavaScript
const express = require('express');
|
|
const router = express.Router();
|
|
const auth = require('../middleware/authMiddleware');
|
|
const ctrl = require('../controller/companyStamp/CompanyStampController');
|
|
|
|
function adminOnly(req, res, next) {
|
|
if (!req.user || !['admin','super_admin'].includes(req.user.role)) {
|
|
return res.status(403).json({ error: 'Admin role required' });
|
|
}
|
|
next();
|
|
}
|
|
|
|
// NEW: ensure service sees a "company" user_type for admin users
|
|
function forceCompanyForAdmin(req, res, next) {
|
|
if (req.user && ['admin','super_admin'].includes(req.user.role) && req.user.user_type !== 'company') {
|
|
req.user.user_type = 'company'; // mimic company to satisfy service checks
|
|
}
|
|
next();
|
|
}
|
|
|
|
// NOTE: For primary company (id=1) only one stamp is allowed. Uploading again returns 409 with existing preview.
|
|
router.post('/company-stamps', auth, adminOnly, forceCompanyForAdmin, ctrl.upload);
|
|
router.get('/company-stamps/mine', auth, adminOnly, forceCompanyForAdmin, ctrl.listMine);
|
|
router.get('/company-stamps/mine/active', auth, adminOnly, forceCompanyForAdmin, ctrl.activeMine);
|
|
router.patch('/company-stamps/:id/activate', auth, adminOnly, forceCompanyForAdmin, ctrl.activate);
|
|
router.delete('/company-stamps/:id', auth, adminOnly, forceCompanyForAdmin, ctrl.delete);
|
|
|
|
module.exports = router;
|
|
|
|
/*
|
|
Mount example (in main app):
|
|
const companyStampRoutes = require('./routes/companyStamps');
|
|
app.use('/api', companyStampRoutes);
|
|
*/
|