Code quality improvements from code review

- Add admin-only authorization for company and projects CRUD operations
- Create requireAccountId middleware to eliminate code duplication
- Standardize error handling (use next(error) consistently)
- Change error messages to Slovak language

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
richardtekula
2025-12-05 11:03:32 +01:00
parent 03b7a215bb
commit 6f4a31e9de
19 changed files with 186 additions and 191 deletions


@@ -1,6 +1,7 @@
import express from 'express';
import * as companyController from '../controllers/company.controller.js';
import { authenticate } from '../middlewares/auth/authMiddleware.js';
import { requireAdmin } from '../middlewares/auth/roleMiddleware.js';
import { validateBody, validateParams } from '../middlewares/security/validateInput.js';
import { createCompanySchema, updateCompanySchema, createCompanyReminderSchema, updateCompanyReminderSchema } from '../validators/crm.validators.js';
import { z } from 'zod';
@@ -39,24 +40,27 @@ router.get(
companyController.getCompanyById
);
// Create new company
// Create new company (admin only)
router.post(
'/',
requireAdmin,
validateBody(createCompanySchema),
companyController.createCompany
);
// Update company
// Update company (admin only)
router.patch(
'/:companyId',
requireAdmin,
validateParams(z.object({ companyId: z.string().uuid() })),
validateBody(updateCompanySchema),
companyController.updateCompany
);
// Delete company
// Delete company (admin only)
router.delete(
'/:companyId',
requireAdmin,
validateParams(z.object({ companyId: z.string().uuid() })),
companyController.deleteCompany
);
@@ -70,6 +74,7 @@ router.get(
router.post(
'/:companyId/notes',
requireAdmin,
validateParams(z.object({ companyId: z.string().uuid() })),
validateBody(z.object({
content: z.string().min(1),
@@ -79,6 +84,7 @@ router.post(
router.patch(
'/:companyId/notes/:noteId',
requireAdmin,
validateParams(z.object({
companyId: z.string().uuid(),
noteId: z.string().uuid()
@@ -91,6 +97,7 @@ router.patch(
router.delete(
'/:companyId/notes/:noteId',
requireAdmin,
validateParams(z.object({
companyId: z.string().uuid(),
noteId: z.string().uuid()
@@ -107,6 +114,7 @@ router.get(
router.post(
'/:companyId/reminders',
requireAdmin,
validateParams(z.object({ companyId: z.string().uuid() })),
validateBody(createCompanyReminderSchema),
companyController.createCompanyReminder
@@ -114,6 +122,7 @@ router.post(
router.patch(
'/:companyId/reminders/:reminderId',
requireAdmin,
validateParams(z.object({
companyId: z.string().uuid(),
reminderId: z.string().uuid()
@@ -124,6 +133,7 @@ router.patch(
router.delete(
'/:companyId/reminders/:reminderId',
requireAdmin,
validateParams(z.object({
companyId: z.string().uuid(),
reminderId: z.string().uuid()