diff --git a/src/controller/permissionController.ts b/src/controller/permissionController.ts
new file mode 100644
index 0000000..08a141c
--- /dev/null
+++ b/src/controller/permissionController.ts
@@ -0,0 +1,12 @@
+import { Request, Response } from "express";
+import { permissionModules, permissionSections, permissionTypes } from "../type/permissionTypes";
+
+/**
+ * @description sections of permissions
+ * @param req {Request} Express req object
+ * @param res {Response} Express res object
+ * @returns {Promise<*>}
+ */
+export async function getSections(req: Request, res: Response): Promise {
+ res.json(permissionSections);
+}
diff --git a/src/helpers/permissionHelper.ts b/src/helpers/permissionHelper.ts
index 9659ad0..a078028 100644
--- a/src/helpers/permissionHelper.ts
+++ b/src/helpers/permissionHelper.ts
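Review bot: `permissionModules` and `permissionTypes` are imported on the second line of the new file but never used; only `permissionSections` is referenced, so the import should be `import { permissionSections } from "../type/permissionTypes";`. `getSections` is also declared `async` without awaiting anything, so the promise only wraps a synchronous `res.json` call; if that signature is kept deliberately so every controller has the same shape, a one-line comment such as `// async for a uniform controller signature; nothing is awaited yet` would stop the next reader from "fixing" it, otherwise a plain `export function getSections(req: Request, res: Response): void` is clearer.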
@@ -11,27 +11,36 @@ import {
 import ForbiddenRequestException from "../exceptions/forbiddenRequestException";
 export default class PermissionHelper {
- static passCheckMiddleware(
+ static can(
+ permissions: PermissionObject,
+ type: PermissionType | "admin",
 section: PermissionSection,
- module: PermissionModule,
- requiredPermissions: Array | "*"
+ module?: PermissionModule
+ ) {
+ if (type == "admin") return permissions.admin ?? false;
+ if (permissions.admin) return true;
+ if (
+ (!module &&
+ permissions[section] != undefined &&
+ (permissions[section]?.all == "*" || permissions[section]?.all?.includes(type))) ||
+ permissions[section]?.all == "*" ||
+ permissions[section]?.all?.includes(type)
+ )
+ return true;
+ if (module && (permissions[section]?.[module] == "*" || permissions[section]?.[module]?.includes(type)))
+ return true;
+ return false;
+ }
+
+ static passCheckMiddleware(
+ requiredPermissions: PermissionType | "admin",
+ section: PermissionSection,
+ module?: PermissionModule
 ): (req: Request, res: Response, next: Function) => void {
 return (req: Request, res: Response, next: Function) => {
- const permissions = req.rights;
+ const permissions = req.permissions;
- if (permissions.admin) {
- next();
- } else if (permissions?.[section]?.all) {
- next();
- } else if (permissions?.[section]?.all) {
- next();
- } else if (permissions?.[section]?.[module] == "*") {
- next();
- } else if (
- (permissions?.[section]?.[module] as Array).some((e: PermissionType) =>
- requiredPermissions.includes(e)
- )
- ) {
+ if (this.can(permissions, requiredPermissions, section, module)) {
 next();
 } else {
 throw new ForbiddenRequestException(
diff --git a/src/index.ts b/src/index.ts
index 3bd269a..833e7c1 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -9,7 +9,7 @@ declare global {
 export interface Request {
 userId: string;
 username: string;
- rights: PermissionObject;
+ permissions: PermissionObject;
 }
 }
 }
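Review bot: `can()` reads `permissions.admin` on its second statement without a guard, so a request that reaches `passCheckMiddleware` while `req.permissions` is unset (a route mounted ahead of `authenticate`, or a token without the claim) throws a TypeError and surfaces as a 500 rather than the 403 the helper exists to produce; add `if (!permissions) return false;` as the first line of `can` so the check fails closed. The first alternative of the long `if`, `(!module && permissions[section] != undefined && (...))`, is entirely implied by the two `permissions[section]?.all` alternatives that follow it and can be deleted, which also makes it plain that a section-level `all` grant covers every module regardless of the `module` argument. The arrow returned from `passCheckMiddleware` resolves `this.can` lexically, which works for `PermissionHelper.passCheckMiddleware(...)` but becomes `undefined.can` as soon as the static method is detached from the class; `PermissionHelper.can(permissions, requiredPermissions, section, module)` removes that dependency. `passCheckMiddleware`'s body continues past the end of the hunk.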
diff --git a/src/middleware/authenticate.ts b/src/middleware/authenticate.ts
index 51fff04..ef3713d 100644
--- a/src/middleware/authenticate.ts
+++ b/src/middleware/authenticate.ts
@@ -31,7 +31,7 @@ export default async function authenticate(req: Request, res: Response, next: Fu
 req.userId = decoded.userId;
 req.username = decoded.username;
- req.rights = decoded.rights;
+ req.permissions = decoded.rights;
 next();
 }
diff --git a/src/routes/index.ts b/src/routes/index.ts
index ccbb953..f5e7226 100644
--- a/src/routes/index.ts
+++ b/src/routes/index.ts
@@ -8,6 +8,8 @@ import errorHandler from "../middleware/errorHandler";
 import setup from "./setup";
 import auth from "./auth";
+import permission from "./permission";
+import PermissionHelper from "../helpers/permissionHelper";
 export default (app: Express) => {
 app.set("query parser", "extended");
@@ -23,8 +25,6 @@ export default (app: Express) => {
 app.use("/setup", allowSetup, setup);
 app.use("/auth", auth);
 app.use(authenticate);
- app.use("/secured", (req, res) => {
- res.send("hallo");
- });
+ app.use("/permission", PermissionHelper.passCheckMiddleware("admin", "user"), permission);
 app.use(errorHandler);
 };
diff --git a/src/routes/permission.ts b/src/routes/permission.ts
new file mode 100644
index 0000000..cb085e9
--- /dev/null
+++ b/src/routes/permission.ts
@@ -0,0 +1,10 @@
+import express from "express";
+import { getSections } from "../controller/permissionController";
+
+var router = express.Router({ mergeParams: true });
+
+router.get("/sections", async (req, res) => {
+ await getSections(req, res);
+});
+
+export default router;
diff --git a/src/type/permissionTypes.ts b/src/type/permissionTypes.ts
index ddac15e..f042390 100644
--- a/src/type/permissionTypes.ts
+++ b/src/type/permissionTypes.ts
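Review bot: The new mount `app.use("/permission", PermissionHelper.passCheckMiddleware("admin", "user"), permission)` in the second routes/index.ts hunk passes `"user"` as the section, but with `"admin"` as the required type `can()` returns `permissions.admin ?? false` before it ever looks at `section` or `module`, so the argument has no effect and reads as though the user section were being checked. If admin-only access to `/permission` is the intent, a short comment on that line, e.g. `// admin flag only; the section argument is ignored for type "admin"`, makes it explicit; if section-scoped access was intended, the first argument should be a `PermissionType` instead.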
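Review bot: The handler registered with `router.get("/sections", …)` in the new src/routes/permission.ts is an async arrow whose rejection is never forwarded, so if `getSections` ever throws or rejects the error bypasses `errorHandler` and the request hangs, unless the project runs Express 5, which forwards rejected promises itself; the hunk does not show which version is in use. Rewriting the wrapper as `router.get("/sections", (req, res, next) => { getSections(req, res).catch(next); });` keeps the error path on the existing middleware. On the fourth line, `const router` rather than `var router` matches the ES-module style of the rest of the file.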
@@ -1,8 +1,18 @@
 export type PermissionSection = "club" | "settings" | "user";
-export type PermissionModule = "protocoll" | "user";
+export type PermissionModule =
+ | "members"
+ | "calendar"
+ | "newsletter"
+ | "protocoll"
+ | "qualification"
+ | "award"
+ | "executive_position"
+ | "communication"
+ | "user"
+ | "role";
-export type PermissionType = "read" | "create" | "update" | "delete";
+export type PermissionType = "create" | "read" | "update" | "delete";
 export type PermissionString =
 | `${PermissionSection}.${PermissionModule}.${PermissionType}` // für spezifische Berechtigungen
@@ -19,6 +29,26 @@ export type PermissionObject = {
 admin?: boolean;
 };
+export type SectionsAndModulesObject = {
+ [section in PermissionSection]: Array;
+};
+
 export const permissionSections: Array = ["club", "settings", "user"];
-export const permissionModules: Array = ["protocoll", "user"];
+export const permissionModules: Array = [
+ "members",
+ "calendar",
+ "newsletter",
+ "protocoll",
+ "qualification",
+ "award",
+ "executive_position",
+ "communication",
+ "user",
+ "role",
+];
 export const permissionTypes: Array = ["read", "create", "update", "delete"];
+export const sectionsAndModules: SectionsAndModulesObject = {
+ club: ["members", "calendar", "newsletter", "protocoll"],
+ settings: ["qualification", "award", "executive_position", "communication"],
+ user: ["user", "role"],
+};
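Review bot: `permissionModules` and `sectionsAndModules` in the second hunk now carry the same ten module names in two hand-maintained lists, so adding a module to one and forgetting the other silently leaves a permission either unassignable or unlistable, and nothing in the types catches the drift. Deriving the flat list from the grouped one, e.g. `export const permissionModules: Array<PermissionModule> = Object.values(sectionsAndModules).flat();` placed after `sectionsAndModules`, keeps a single source of truth (assuming the compile target's lib includes `Array.prototype.flat`). On a smaller note, the first hunk reorders `PermissionType` to create/read/update/delete while `permissionTypes` keeps read/create/update/delete; aligning the two avoids the appearance of a deliberate difference.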