m3mo/ininventer
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ininventer/backend/controllers/companyController.js

184 lines
4.4 KiB
JavaScript
Raw Permalink Blame History

const Company = require('../models/Company');
const User = require('../models/User');
const { validationResult } = require('express-validator');
// @desc Get all companies
// @route GET /api/companies
// @access Private (superadmin: all companies, companyadmin/employer: only their company)
exports.getCompanies = async (req, res, next) => {
try {
let companies;
// If superadmin, get all companies
if (req.user.role === 'superadmin') {
companies = await Company.find();
} else {
// For companyadmin and employer, get only their company
companies = await Company.find({ _id: req.user.companyId });
}
res.status(200).json({
success: true,
count: companies.length,
data: companies
});
} catch (error) {
next(error);
}
};
// @desc Get single company
// @route GET /api/companies/:id
// @access Private (superadmin: any company, companyadmin/employer: only their company)
exports.getCompany = async (req, res, next) => {
try {
const company = await Company.findById(req.params.id);
if (!company) {
return res.status(404).json({
success: false,
message: 'Company not found'
});
}
// Check if user is trying to access a company they don't belong to
if (req.user.role !== 'superadmin' &&
company._id.toString() !== req.user.companyId.toString()) {
return res.status(403).json({
success: false,
message: 'Not authorized to access this company'
});
}
res.status(200).json({
success: true,
data: company
});
} catch (error) {
next(error);
}
};
// @desc Create company
// @route POST /api/companies
// @access Private (superadmin only)
exports.createCompany = async (req, res, next) => {
try {
const errors = validationResult(req);
if (!errors.isEmpty()) {
return res.status(400).json({
success: false,
errors: errors.array()
});
}
// Only superadmin can create companies
if (req.user.role !== 'superadmin') {
return res.status(403).json({
success: false,
message: 'Only superadmin can create companies'
});
}
const company = await Company.create({
...req.body,
createdBy: req.user._id
});
res.status(201).json({
success: true,
data: company
});
} catch (error) {
next(error);
}
};
// @desc Update company
// @route PUT /api/companies/:id
// @access Private (superadmin only)
exports.updateCompany = async (req, res, next) => {
try {
const errors = validationResult(req);
if (!errors.isEmpty()) {
return res.status(400).json({
success: false,
errors: errors.array()
});
}
// Only superadmin can update companies
if (req.user.role !== 'superadmin') {
return res.status(403).json({
success: false,
message: 'Only superadmin can update companies'
});
}
let company = await Company.findById(req.params.id);
if (!company) {
return res.status(404).json({
success: false,
message: 'Company not found'
});
}
company = await Company.findByIdAndUpdate(
req.params.id,
req.body,
{ new: true, runValidators: true }
);
res.status(200).json({
success: true,
data: company
});
} catch (error) {
next(error);
}
};
// @desc Delete company
// @route DELETE /api/companies/:id
// @access Private (superadmin only)
exports.deleteCompany = async (req, res, next) => {
try {
// Only superadmin can delete companies
if (req.user.role !== 'superadmin') {
return res.status(403).json({
success: false,
message: 'Only superadmin can delete companies'
});
}
const company = await Company.findById(req.params.id);
if (!company) {
return res.status(404).json({
success: false,
message: 'Company not found'
});
}
// Check if there are users associated with this company
const usersCount = await User.countDocuments({ companyId: company._id });
if (usersCount > 0) {
return res.status(400).json({
success: false,
message: 'Cannot delete company with associated users'
});
}
await company.deleteOne();
res.status(200).json({
success: true,
data: {}
});
} catch (error) {
next(error);
}
};
Reference in New Issue View Git Blame Copy Permalink