feat: add document permission management with CRUD operations

Author: pokhrelgopal

src/app.ts

@@ -8,6 +8,7 @@ import userRoutes from "./routes/user.routes";
 import documentCategoryRoutes from "./routes/document-category.routes";
 import documentRoutes from "./routes/document.routes";
 import projectMemberRoutes from "./routes/project-member.routes";
+import documentPermissions from "./routes/document-permission.routes";
 
 import { auth } from "./middleware/auth.middleware";
 
@@ -35,5 +36,6 @@ app.use("/api/projects", projectRoutes);
 app.use("/api/document-categories", documentCategoryRoutes);
 app.use("/api/documents", documentRoutes);
 app.use("/api/project-members", projectMemberRoutes);
+app.use("/api/document-permissions", documentPermissions);
 
 export default app;

src/controllers/document-permission.controller.ts

@@ -0,0 +1,117 @@
+import { Request, Response, NextFunction } from "express";
+import prisma from "../db/prisma";
+import * as response from "../utils/response";
+
+export const addDocumentPermission = async (
+  req: Request,
+  res: Response,
+  next: NextFunction
+): Promise<void> => {
+  try {
+    const { documentId, userId } = req.body;
+
+    const existingPermission = await prisma.documentPermission.findUnique({
+      where: {
+        documentId_userId: {
+          documentId,
+          userId,
+        },
+      },
+    });
+
+    if (existingPermission) {
+      return response.errorResponse(
+        res,
+        "Permission already exists for this user on this document."
+      );
+    }
+
+    const documentPermission = await prisma.documentPermission.create({
+      data: {
+        documentId,
+        userId,
+      },
+    });
+
+    return response.successResponse(
+      res,
+      "Document permission added successfully.",
+      { documentPermission }
+    );
+  } catch (error) {
+    console.error(error);
+    response.errorResponse(res, "Internal server error.");
+  }
+};
+
+// Get all permissions for a document
+export const getDocumentPermissions = async (
+  req: Request,
+  res: Response,
+  next: NextFunction
+): Promise<void> => {
+  try {
+    const { documentId } = req.params;
+
+    const permissions = await prisma.documentPermission.findMany({
+      where: { documentId },
+      include: {
+        user: true, // Include user details
+      },
+    });
+
+    if (permissions.length === 0) {
+      return response.errorResponse(
+        res,
+        "No permissions found for this document."
+      );
+    }
+
+    return response.successResponse(
+      res,
+      "Document permissions fetched successfully.",
+      { permissions }
+    );
+  } catch (error) {
+    console.error(error);
+    response.errorResponse(res, "Internal server error.");
+  }
+};
+
+// Remove a permission from a document
+export const removeDocumentPermission = async (
+  req: Request,
+  res: Response,
+  next: NextFunction
+): Promise<void> => {
+  try {
+    const { documentId, userId } = req.params;
+
+    const documentPermission = await prisma.documentPermission.findUnique({
+      where: {
+        documentId_userId: {
+          documentId,
+          userId,
+        },
+      },
+    });
+
+    if (!documentPermission) {
+      return response.errorResponse(res, "Document permission not found.");
+    }
+
+    await prisma.documentPermission.delete({
+      where: {
+        id: documentPermission.id,
+      },
+    });
+
+    return response.successResponse(
+      res,
+      "Document permission removed successfully."
+    );
+  } catch (error) {
+    console.error(error);
+    response.errorResponse(res, "Internal server error.");
+  }
+};

src/controllers/user.controller.ts

@@ -5,7 +5,11 @@ import { nodeEnv } from "../config";
 import prisma from "../db/prisma";
 import * as response from "../utils/response";
 
-export const register = async (req: Request, res: Response, next: NextFunction): Promise<void> => {
+export const register = async (
+  req: Request,
+  res: Response,
+  next: NextFunction
+): Promise<void> => {
   try {
     const { email, password, fullName } = req.body;
 
@@ -34,12 +38,15 @@ export const register = async (req: Request, res: Response, next: NextFunction):
     });
   } catch (error) {
     console.error(error);
-    res.status(500).json({ message: "Internal server error." });
+    return response.errorResponse(res, "Internal server error.");
   }
 };
 
-
-export const login = async (req: Request, res: Response, next: NextFunction): Promise<void> => {
+export const login = async (
+  req: Request,
+  res: Response,
+  next: NextFunction
+): Promise<void> => {
   try {
     const { email, password } = req.body;
 
@@ -63,7 +70,7 @@ export const login = async (req: Request, res: Response, next: NextFunction): Pr
       secure: nodeEnv === "production",
       sameSite: "lax",
       path: "/",
-      expires: new Date(Date.now() + 1000 * 60 * 60 * 24), // 1 day
+      expires: new Date(Date.now() + 1000 * 60 * 60 * 24),
     });
 
     return response.successResponse(res, "Logged in successfully.", {
@@ -73,21 +80,29 @@ export const login = async (req: Request, res: Response, next: NextFunction): Pr
     });
   } catch (error) {
     console.error(error);
-    res.status(500).json({ message: "Internal server error." });
+    return response.errorResponse(res, "Internal server error.");
   }
 };
 
-export const logout = async (req: Request, res: Response, next: NextFunction): Promise<void> => {
+export const logout = async (
+  req: Request,
+  res: Response,
+  next: NextFunction
+): Promise<void> => {
   try {
     res.clearCookie("token");
     return response.successResponse(res, "Logged out successfully.");
   } catch (error) {
     console.error(error);
-    res.status(500).json({ message: "Internal server error." });
+    return response.errorResponse(res, "Internal server error.");
   }
 };
 
-export const getMe = async (req: Request, res: Response, next: NextFunction): Promise<void> => {
+export const getMe = async (
+  req: Request,
+  res: Response,
+  next: NextFunction
+): Promise<void> => {
   try {
     const userId = (req as any).user?.id;
 
@@ -110,6 +125,6 @@ export const getMe = async (req: Request, res: Response, next: NextFunction): Pr
     });
   } catch (error) {
     console.error(error);
-    res.status(500).json({ message: "Internal server error." });
+    return response.errorResponse(res, "Internal server error.");
   }
 };

src/routes/document-permission.routes.ts

@@ -0,0 +1,17 @@
+import express from "express";
+import {
+  addDocumentPermission,
+  getDocumentPermissions,
+  removeDocumentPermission,
+} from "../controllers/document-permission.controller";
+
+const router = express.Router();
+
+router.post("/document-permissions", addDocumentPermission);
+router.get("/document-permissions/:documentId", getDocumentPermissions);
+router.delete(
+  "/document-permissions/:documentId/:userId",
+  removeDocumentPermission
+);
+
+export default router;