permissions middleware

2024-08-27 11:47:27 +02:00 · 2024-08-27 11:47:27 +02:00 · 1d2b5ea420
commit 1d2b5ea420
parent c7e48c0334
7 changed files with 86 additions and 25 deletions
--- a/src/controller/permissionController.ts
+++ b/src/controller/permissionController.ts
@ -0,0 +1,12 @@
+import { Request, Response } from "express";
+import { permissionModules, permissionSections, permissionTypes } from "../type/permissionTypes";
+
+/**
+ * @description sections of permissions
+ * @param req {Request} Express req object
+ * @param res {Response} Express res object
+ * @returns {Promise<*>}
+ */
+export async function getSections(req: Request, res: Response): Promise<any> {
+  res.json(permissionSections);
+}
--- a/src/helpers/permissionHelper.ts
+++ b/src/helpers/permissionHelper.ts
@ -11,27 +11,36 @@ import {
 import ForbiddenRequestException from "../exceptions/forbiddenRequestException";

 export default class PermissionHelper {
-  static passCheckMiddleware(
+  static can(
+    permissions: PermissionObject,
+    type: PermissionType | "admin",
    section: PermissionSection,
-    module: PermissionModule,
-    requiredPermissions: Array<PermissionType> | "*"
+    module?: PermissionModule
+  ) {
+    if (type == "admin") return permissions.admin ?? false;
+    if (permissions.admin) return true;
+    if (
+      (!module &&
+        permissions[section] != undefined &&
+        (permissions[section]?.all == "*" || permissions[section]?.all?.includes(type))) ||
+      permissions[section]?.all == "*" ||
+      permissions[section]?.all?.includes(type)
+    )
+      return true;
+    if (module && (permissions[section]?.[module] == "*" || permissions[section]?.[module]?.includes(type)))
+      return true;
+    return false;
+  }
+
+  static passCheckMiddleware(
+    requiredPermissions: PermissionType | "admin",
+    section: PermissionSection,
+    module?: PermissionModule
  ): (req: Request, res: Response, next: Function) => void {
    return (req: Request, res: Response, next: Function) => {
-      const permissions = req.rights;
+      const permissions = req.permissions;

-      if (permissions.admin) {
-        next();
-      } else if (permissions?.[section]?.all) {
-        next();
-      } else if (permissions?.[section]?.all) {
-        next();
-      } else if (permissions?.[section]?.[module] == "*") {
-        next();
-      } else if (
-        (permissions?.[section]?.[module] as Array<PermissionType>).some((e: PermissionType) =>
-          requiredPermissions.includes(e)
-        )
-      ) {
+      if (this.can(permissions, requiredPermissions, section, module)) {
        next();
      } else {
        throw new ForbiddenRequestException(
--- a/src/index.ts
+++ b/src/index.ts
@ -9,7 +9,7 @@ declare global {
    export interface Request {
      userId: string;
      username: string;
-      rights: PermissionObject;
+      permissions: PermissionObject;
    }
  }
 }
--- a/src/middleware/authenticate.ts
+++ b/src/middleware/authenticate.ts
@ -31,7 +31,7 @@ export default async function authenticate(req: Request, res: Response, next: Fu

  req.userId = decoded.userId;
  req.username = decoded.username;
-  req.rights = decoded.rights;
+  req.permissions = decoded.rights;

  next();
 }
--- a/src/routes/index.ts
+++ b/src/routes/index.ts
@ -8,6 +8,8 @@ import errorHandler from "../middleware/errorHandler";

 import setup from "./setup";
 import auth from "./auth";
+import permission from "./permission";
+import PermissionHelper from "../helpers/permissionHelper";

 export default (app: Express) => {
  app.set("query parser", "extended");
@ -23,8 +25,6 @@ export default (app: Express) => {
  app.use("/setup", allowSetup, setup);
  app.use("/auth", auth);
  app.use(authenticate);
-  app.use("/secured", (req, res) => {
-    res.send("hallo");
-  });
+  app.use("/permission", PermissionHelper.passCheckMiddleware("admin", "user"), permission);
  app.use(errorHandler);
 };
--- a/src/routes/permission.ts
+++ b/src/routes/permission.ts
@ -0,0 +1,10 @@
+import express from "express";
+import { getSections } from "../controller/permissionController";
+
+var router = express.Router({ mergeParams: true });
+
+router.get("/sections", async (req, res) => {
+  await getSections(req, res);
+});
+
+export default router;
--- a/src/type/permissionTypes.ts
+++ b/src/type/permissionTypes.ts
@ -1,8 +1,18 @@
 export type PermissionSection = "club" | "settings" | "user";

-export type PermissionModule = "protocoll" | "user";
+export type PermissionModule =
+  | "members"
+  | "calendar"
+  | "newsletter"
+  | "protocoll"
+  | "qualification"
+  | "award"
+  | "executive_position"
+  | "communication"
+  | "user"
+  | "role";

-export type PermissionType = "read" | "create" | "update" | "delete";
+export type PermissionType = "create" | "read" | "update" | "delete";

 export type PermissionString =
  | `${PermissionSection}.${PermissionModule}.${PermissionType}` // für spezifische Berechtigungen
@ -19,6 +29,26 @@ export type PermissionObject = {
  admin?: boolean;
 };

+export type SectionsAndModulesObject = {
+  [section in PermissionSection]: Array<PermissionModule>;
+};
+
 export const permissionSections: Array<PermissionSection> = ["club", "settings", "user"];
-export const permissionModules: Array<PermissionModule> = ["protocoll", "user"];
+export const permissionModules: Array<PermissionModule> = [
+  "members",
+  "calendar",
+  "newsletter",
+  "protocoll",
+  "qualification",
+  "award",
+  "executive_position",
+  "communication",
+  "user",
+  "role",
+];
 export const permissionTypes: Array<PermissionType> = ["read", "create", "update", "delete"];
+export const sectionsAndModules: SectionsAndModulesObject = {
+  club: ["members", "calendar", "newsletter", "protocoll"],
+  settings: ["qualification", "award", "executive_position", "communication"],
+  user: ["user", "role"],
+};