Step 6: Implement middleware for permission checks
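Let’s create a middleware that checks whether the current user holds a required permission, either directly or through one of their groups. It reads `req.user`, so it must run after the authentication middleware that sets it: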
// middleware/permissions.js
const { User, Group, Permission } = require('../models');
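/**
 * Builds an Express middleware that lets a request through only when the
 * authenticated user holds `requiredPermission`, either directly or through
 * one of their groups.
 *
 * Must run after the authentication middleware that populates `req.user`.
 * Every failure path denies the request: 401 when no user can be resolved,
 * 403 when the permission is missing, 500 when the lookup itself fails.
 *
 * @param {string} requiredPermission - Permission codename to look for.
 * @returns {Function} Express middleware `(req, res, next)`.
 */
const checkPermission = (requiredPermission) => {
  return async (req, res, next) => {
    // Without an authenticated identity there is nothing to authorize.
    // Answer 401 here instead of letting `req.user.id` throw and surface
    // as a 500 carrying an internal error message.
    const userId = req.user ? req.user.id : undefined;
    if (userId == null) {
      return res.status(401).send({ message: 'Authentication required.' });
    }

    try {
      const user = await User.findByPk(userId, {
        include: [
          { model: Permission },
          { model: Group, include: [Permission] },
        ],
      });

      // findByPk resolves to null when the row is gone, e.g. the account
      // was deleted while its session or token is still being presented.
      if (!user) {
        return res.status(401).send({ message: 'Authentication required.' });
      }

      // Union of direct and group-inherited codenames; a Set removes
      // duplicates and gives a constant-time membership check.
      const directCodenames = (user.Permissions || []).map((p) => p.codename);
      const groupCodenames = (user.Groups || []).flatMap((g) =>
        (g.Permissions || []).map((p) => p.codename)
      );
      const granted = new Set([...directCodenames, ...groupCodenames]);

      if (!granted.has(requiredPermission)) {
        return res
          .status(403)
          .send({ message: "You don't have permission to perform this action." });
      }

      return next();
    } catch (err) {
      // Keep the details on the server: raw error text (query fragments,
      // table or column names) must not be echoed back to the client.
      console.error('Permission check failed:', err);
      return res.status(500).send({ message: 'Internal server error.' });
    }
  };
};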
// Export the factory itself: callers invoke it with a permission codename
// to obtain the middleware function.
module.exports = checkPermission;