middleware/verifyAccess.js

@@ -1,6 +1,10 @@
 const { ErrorHandler } = require("../helpers/error");
 const { getUserByIdDb } = require("../db/user.db");
 
+function isPhoneNumberID(phone) {
+  return /^(?:\+62|62|0)8[1-9][0-9]{6,10}$/.test(phone);
+}
+
 const verifyAccess = (minLevel = 1, allowUnapprovedReadOnly = false) => {
   return async (req, res, next) => {
     try {
@@ -11,6 +15,7 @@ const verifyAccess = (minLevel = 1, allowUnapprovedReadOnly = false) => {
       // Super Admin bypass semua
       if (user.is_sa) return next();
 
+      if (!isPhoneNumberID(user.user_id)) {
         const fullUser = await getUserByIdDb(user.user_id);
         if (!fullUser) throw new ErrorHandler(403, "Forbidden: User not found");
 
@@ -27,6 +32,14 @@ const verifyAccess = (minLevel = 1, allowUnapprovedReadOnly = false) => {
         if (!fullUser.role_level || fullUser.role_level < minLevel) {
           throw new ErrorHandler(403, "Forbidden: Insufficient role level");
         }
+      } else {
+        if (req.method !== 'GET' && req.baseUrl !== '/api/notification-log') {
+          if (req.baseUrl !== '/api/notification') {
+            throw new ErrorHandler(403, "Forbidden: Insufficient Access");
+          }
+        }
+
+      }
 
       next();
     } catch (err) {

routes/notification_error.route.js

@@ -26,7 +26,7 @@ router
   .get(verifyToken.verifyAccessToken, NotificationErrorController.getById)
   .put(
     verifyToken.verifyAccessToken,
-    // verifyAccess(),
+    verifyAccess(),
     NotificationErrorController.update
   );
 

routes/notification_error_log.route.js

@@ -9,7 +9,7 @@ router.route("/")
     .get(verifyToken.verifyAccessToken, NotificationErrorLogController.getAll)
     .post(
         verifyToken.verifyAccessToken,
-        // verifyAccess(),
+        verifyAccess(),
         NotificationErrorLogController.create);
 
 router.route("/:id")