From 1b384a56b53d4080b6741e7cee18a8c350266ec0 Mon Sep 17 00:00:00 2001
From: Antony Kurniawan
Date: Thu, 9 Oct 2025 03:19:13 +0700
Subject: [PATCH] fix: veryfy access

---
middleware/verifyAcces.js | 42 ---------------------------------------
routes/device.route.js | 6 +++---
2 files changed, 3 insertions(+), 45 deletions(-)
delete mode 100644 middleware/verifyAcces.js

diff --git a/middleware/verifyAcces.js b/middleware/verifyAcces.js
deleted file mode 100644
index e982b89..0000000
--- a/middleware/verifyAcces.js
+++ /dev/null
@@ -1,42 +0,0 @@
-const { ErrorHandler } = require("../helpers/error");
-const { getUserByIdDb } = require("../db/user.db");
-
-const verifyAccess = (minLevel = 1, allowUnapprovedReadOnly = false) => {
- return async (req, res, next) => {
- try {
- const user = req.user;
-
- if (!user) throw new ErrorHandler(401, "Unauthorized: User not found");
-
- // Super Admin bypass semua
- if (user.is_sa) return next();
-
- // Ambil user lengkap dari DB
- const fullUser = await getUserByIdDb(user.user_id);
- if (!fullUser) throw new ErrorHandler(403, "Forbidden: User not found");
-
- // Jika belum di-approve
- if (!fullUser.is_approve) {
- // Hanya boleh GET (read-only)
- if (req.method !== "GET") {
- throw new ErrorHandler(403, "Account not approved — read-only access");
- }
-
- if (allowUnapprovedReadOnly) return next();
-
- throw new ErrorHandler(403, "Account not approved");
- }
-
- // Cek role level
- if (!fullUser.role_level || fullUser.role_level < minLevel) {
- throw new ErrorHandler(403, "Forbidden: Insufficient role level");
- }
-
- next();
- } catch (err) {
- next(err);
- }
- };
-};
-
-module.exports = verifyAccess;
diff --git a/routes/device.route.js b/routes/device.route.js
index 96cc382..a3f1f19 100644
--- a/routes/device.route.js
+++ b/routes/device.route.js
@@ -7,8 +7,8 @@ const router = express.Router();
 router.get('/', verifyToken.verifyAccessToken, DeviceController.getAll);
 router.get('/:id', verifyToken.verifyAccessToken, DeviceController.getById);
-router.post('/', verifyToken.verifyAccessToken, verifyAccess, DeviceController.create);
-router.put('/:id', verifyToken.verifyAccessToken, verifyAccess, DeviceController.update);
-router.delete('/:id', verifyToken.verifyAccessToken, verifyAccess, DeviceController.delete);
+router.post('/', verifyToken.verifyAccessToken, verifyAccess(), DeviceController.create);
+router.put('/:id', verifyToken.verifyAccessToken, verifyAccess(), DeviceController.update);
+router.delete('/:id', verifyToken.verifyAccessToken, verifyAccess(), DeviceController.delete);
 module.exports = router;
\ No newline at end of file
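Review bot: The three new call sites invoke `verifyAccess()` with no arguments, so the role level required to create, update or delete a device is decided by the factory's defaults rather than stated in the route table; if the surviving module keeps the defaults of the deleted `middleware/verifyAcces.js` (`minLevel = 1`, `allowUnapprovedReadOnly = false`), any approved user with `role_level >= 1` can delete devices. Passing the level explicitly, e.g. `verifyAccess(DEVICE_WRITE_LEVEL)` with a named constant (placeholder name) set to the project's intended level, records the authorization decision where the routes are declared and keeps later audits of this file self-contained. The two `router.get` routes are still guarded by `verifyToken.verifyAccessToken` alone, so whatever approval and role checks `verifyAccess` performs never run for reads — worth confirming that is intended rather than an oversight. The `require` that binds `verifyAccess` sits above this hunk; with `middleware/verifyAcces.js` removed it must resolve to the remaining module, otherwise the router fails at load time.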