permissions middleware
This commit is contained in:
parent
c7e48c0334
commit
1d2b5ea420
7 changed files with 86 additions and 25 deletions
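--- /dev/null
+++ b/src/controller/permissionController.ts
@@ -0,0 +1,12 @@
+import { Request, Response } from "express";
+import { permissionModules, permissionSections, permissionTypes } from "../type/permissionTypes";
+
+/**
+ * @description sections of permissions
+ * @param req {Request} Express req object
+ * @param res {Response} Express res object
+ * @returns {Promise<*>}
+ */
+export async function getSections(req: Request, res: Response): Promise<any> {
+  res.json(permissionSections);
+}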
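Review bot: `getSections` is declared `Promise<any>` although its only statement is `res.json(permissionSections)` and it returns nothing, so the signature should be `Promise<void>` (or drop `async` and return `void`), with the `@returns {Promise<*>}` tag changed to match. `permissionModules` and `permissionTypes` are imported on the second line but never used in this file. The `{Request}` / `{Response}` braces in the JSDoc duplicate the TypeScript parameter annotations and can be dropped.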
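--- a/src/helpers/permissionHelper.ts
+++ b/src/helpers/permissionHelper.ts
@@ -11,27 +11,36 @@ import {
 import ForbiddenRequestException from "../exceptions/forbiddenRequestException";
 
 export default class PermissionHelper {
-  static passCheckMiddleware(
+  static can(
+    permissions: PermissionObject,
+    type: PermissionType | "admin",
     section: PermissionSection,
-    module: PermissionModule,
-    requiredPermissions: Array<PermissionType> | "*"
+    module?: PermissionModule
+  ) {
+    if (type == "admin") return permissions.admin ?? false;
+    if (permissions.admin) return true;
+    if (
+      (!module &&
+        permissions[section] != undefined &&
+        (permissions[section]?.all == "*" || permissions[section]?.all?.includes(type))) ||
+      permissions[section]?.all == "*" ||
+      permissions[section]?.all?.includes(type)
+    )
+      return true;
+    if (module && (permissions[section]?.[module] == "*" || permissions[section]?.[module]?.includes(type)))
+      return true;
+    return false;
+  }
+
+  static passCheckMiddleware(
+    requiredPermissions: PermissionType | "admin",
+    section: PermissionSection,
+    module?: PermissionModule
   ): (req: Request, res: Response, next: Function) => void {
     return (req: Request, res: Response, next: Function) => {
-      const permissions = req.rights;
+      const permissions = req.permissions;
 
-      if (permissions.admin) {
-        next();
-      } else if (permissions?.[section]?.all) {
-        next();
-      } else if (permissions?.[section]?.all) {
-        next();
-      } else if (permissions?.[section]?.[module] == "*") {
-        next();
-      } else if (
-        (permissions?.[section]?.[module] as Array<PermissionType>).some((e: PermissionType) =>
-          requiredPermissions.includes(e)
-        )
-      ) {
+      if (this.can(permissions, requiredPermissions, section, module)) {
         next();
       } else {
         throw new ForbiddenRequestException(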
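Review bot: `can` dereferences `permissions.admin` on its first two lines without checking that `permissions` exists, so a request that reaches `passCheckMiddleware` with `req.permissions` unset (for instance a route mounted before `authenticate`) ends in a TypeError rather than a deliberate deny; a leading guard `if (!permissions) return false;` keeps the deny-by-default outcome explicit. The first operand of the large `if` — `(!module && permissions[section] != undefined && (...all == "*" || ...all?.includes(type)))` — is implied by the two operands after it, so the condition reduces to `permissions[section]?.all === "*" || permissions[section]?.all?.includes(type)`. `this.can(...)` inside the returned arrow only resolves because the call site invokes `PermissionHelper.passCheckMiddleware(...)` on the class; writing `PermissionHelper.can(...)` removes that dependency. The `throw new ForbiddenRequestException(` call and the rest of `passCheckMiddleware` continue outside the hunk.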
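--- a/[PATH NOT SHOWN ON PAGE]
+++ b/[PATH NOT SHOWN ON PAGE]
@@ -9,7 +9,7 @@ declare global {
     export interface Request {
       userId: string;
       username: string;
-      rights: PermissionObject;
+      permissions: PermissionObject;
     }
   }
 }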
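--- a/[PATH NOT SHOWN ON PAGE]
+++ b/[PATH NOT SHOWN ON PAGE]
@@ -31,7 +31,7 @@ export default async function authenticate(req: Request, res: Response, next: Fu
 
   req.userId = decoded.userId;
   req.username = decoded.username;
-  req.rights = decoded.rights;
+  req.permissions = decoded.rights;
 
   next();
 }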
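--- a/[PATH NOT SHOWN ON PAGE]
+++ b/[PATH NOT SHOWN ON PAGE]
@@ -8,6 +8,8 @@ import errorHandler from "../middleware/errorHandler";
 
 import setup from "./setup";
 import auth from "./auth";
+import permission from "./permission";
+import PermissionHelper from "../helpers/permissionHelper";
 
 export default (app: Express) => {
   app.set("query parser", "extended");
@@ -23,8 +25,6 @@ export default (app: Express) => {
   app.use("/setup", allowSetup, setup);
   app.use("/auth", auth);
   app.use(authenticate);
-  app.use("/secured", (req, res) => {
-    res.send("hallo");
-  });
+  app.use("/permission", PermissionHelper.passCheckMiddleware("admin", "user"), permission);
   app.use(errorHandler);
 };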
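Review bot: In `PermissionHelper.passCheckMiddleware("admin", "user")` the `"user"` section argument has no effect — `can` returns `permissions.admin ?? false` as soon as the type is `"admin"` — so a reader may wrongly assume the `/permission` router is scoped to the `user` section. Either make `section` optional for the admin case or annotate the line, e.g. `// admin-only: the section argument is ignored when the required type is "admin"`. Mounting this after `app.use(authenticate)` is the right order, since the check reads `req.permissions` that `authenticate` sets. Both hunks sit inside the same exported setup function, whose middle is not shown.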
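--- /dev/null
+++ b/src/routes/permission.ts
@@ -0,0 +1,10 @@
+import express from "express";
+import { getSections } from "../controller/permissionController";
+
+var router = express.Router({ mergeParams: true });
+
+router.get("/sections", async (req, res) => {
+  await getSections(req, res);
+});
+
+export default router;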
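Review bot: `var router` should be `const router` — the binding is never reassigned and `var` hoists to module scope. The `async` wrapper only forwards `req` and `res` to `getSections`; if the Express major version (not visible here) is 4, a rejected promise from an async handler is not forwarded to `errorHandler`, so either pass the controller directly or forward rejections explicitly: `router.get("/sections", (req, res, next) => { getSections(req, res).catch(next); });`.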
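--- a/src/type/permissionTypes.ts
+++ b/src/type/permissionTypes.ts
@@ -1,8 +1,18 @@
 export type PermissionSection = "club" | "settings" | "user";
 
-export type PermissionModule = "protocoll" | "user";
+export type PermissionModule =
+  | "members"
+  | "calendar"
+  | "newsletter"
+  | "protocoll"
+  | "qualification"
+  | "award"
+  | "executive_position"
+  | "communication"
+  | "user"
+  | "role";
 
-export type PermissionType = "read" | "create" | "update" | "delete";
+export type PermissionType = "create" | "read" | "update" | "delete";
 
 export type PermissionString =
   | `${PermissionSection}.${PermissionModule}.${PermissionType}` // für spezifische Berechtigungen
@@ -19,6 +29,26 @@ export type PermissionObject = {
   admin?: boolean;
 };
 
+export type SectionsAndModulesObject = {
+  [section in PermissionSection]: Array<PermissionModule>;
+};
+
 export const permissionSections: Array<PermissionSection> = ["club", "settings", "user"];
-export const permissionModules: Array<PermissionModule> = ["protocoll", "user"];
+export const permissionModules: Array<PermissionModule> = [
+  "members",
+  "calendar",
+  "newsletter",
+  "protocoll",
+  "qualification",
+  "award",
+  "executive_position",
+  "communication",
+  "user",
+  "role",
+];
 export const permissionTypes: Array<PermissionType> = ["read", "create", "update", "delete"];
+export const sectionsAndModules: SectionsAndModulesObject = {
+  club: ["members", "calendar", "newsletter", "protocoll"],
+  settings: ["qualification", "award", "executive_position", "communication"],
+  user: ["user", "role"],
+};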
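Review bot: `permissionModules` and `sectionsAndModules` in the second hunk list the same ten modules twice, so the two can drift when a module is added; deriving one from the other keeps a single source of truth, e.g. `export const permissionModules: Array<PermissionModule> = Object.values(sectionsAndModules).flat();` declared after `sectionsAndModules`. `SectionsAndModulesObject` can be written as `Record<PermissionSection, Array<PermissionModule>>` instead of a hand-rolled mapped type. `permissionTypes` keeps the old `"read"`-first order while the `PermissionType` alias now lists `"create"` first; harmless for a union type, but worth aligning so the two read the same.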