roles

src/api/companies/[id]/fetch.ts

@@ -4,6 +4,7 @@ import { companies } from "../../../managers/companies";
 import { apiResponse } from "../../../modules/api-utils/apiResponse";
 import { ContentfulStatusCode } from "hono/utils/http-status";
 import { authMiddleware } from "../../middleware/authorization";
+import GenericError from "../../../Errors/GenericError";
 
 /* /v1/company/companies/[id] */
 export default createRoute(
@@ -12,10 +13,23 @@ export default createRoute(
 
   async (c) => {
     const company = await companies.fetch(c.req.param("identifier"));
+    const includeAddress = c.req.query("includeAddress") === "true";
+
+    // Check for address-specific permission if includeAddress is requested
+    if (includeAddress) {
+      const user = c.get("user");
+      if (!user || !(await user.hasPermission("company.fetch.address"))) {
+        throw new GenericError({
+          name: "InsufficientPermission",
+          message: "You do not have permission to view company addresses.",
+          status: 403,
+        });
+      }
+    }
 
     const response = apiResponse.successful(
       "Company Fetched Successfully!",
-      company,
+      company.toJson({ includeAddress }),
     );
     return c.json(response, response.status as ContentfulStatusCode);
   },