enhance: permission handling
This commit is contained in:
parent
9dd7686b67
commit
56484020d8
4 changed files with 49 additions and 56 deletions
|
|
@ -17,33 +17,30 @@ export default class PermissionHelper {
|
|||
permissions: PermissionObject,
|
||||
type: PermissionType | "admin",
|
||||
section: PermissionSection,
|
||||
module?: PermissionModule
|
||||
module: PermissionModule
|
||||
) {
|
||||
if (type == "admin") return permissions?.admin ?? permissions?.adminByOwner ?? false;
|
||||
if (permissions?.admin || permissions?.adminByOwner) return true;
|
||||
if (
|
||||
(!module &&
|
||||
permissions[section] != undefined &&
|
||||
(permissions[section]?.all == "*" || permissions[section]?.all?.includes(type))) ||
|
||||
permissions[section]?.all == "*" ||
|
||||
permissions[section]?.all?.includes(type)
|
||||
permissions[section]?.all?.includes(type) ||
|
||||
permissions[section]?.[module] == "*" ||
|
||||
permissions[section]?.[module]?.includes(type)
|
||||
)
|
||||
return true;
|
||||
if (module && (permissions[section]?.[module] == "*" || permissions[section]?.[module]?.includes(type)))
|
||||
return true;
|
||||
return false;
|
||||
}
|
||||
|
||||
static canSome(
|
||||
permissions: PermissionObject,
|
||||
checks: Array<{
|
||||
requiredPermissions: PermissionType | "admin";
|
||||
requiredPermission: PermissionType | "admin";
|
||||
section: PermissionSection;
|
||||
module?: PermissionModule;
|
||||
module: PermissionModule;
|
||||
}>
|
||||
) {
|
||||
checks.reduce<boolean>((prev, curr) => {
|
||||
return prev || this.can(permissions, curr.requiredPermissions, curr.section, curr.module);
|
||||
return prev || this.can(permissions, curr.requiredPermission, curr.section, curr.module);
|
||||
}, false);
|
||||
}
|
||||
|
||||
|
|
@ -66,12 +63,12 @@ export default class PermissionHelper {
|
|||
static canSomeSection(
|
||||
permissions: PermissionObject,
|
||||
checks: Array<{
|
||||
requiredPermissions: PermissionType | "admin";
|
||||
requiredPermission: PermissionType | "admin";
|
||||
section: PermissionSection;
|
||||
}>
|
||||
): boolean {
|
||||
return checks.reduce<boolean>((prev, curr) => {
|
||||
return prev || this.can(permissions, curr.requiredPermissions, curr.section);
|
||||
return prev || this.canSection(permissions, curr.requiredPermission, curr.section);
|
||||
}, false);
|
||||
}
|
||||
|
||||
|
|
@ -83,7 +80,7 @@ export default class PermissionHelper {
|
|||
static passCheckMiddleware(
|
||||
requiredPermissions: PermissionType | "admin",
|
||||
section: PermissionSection,
|
||||
module?: PermissionModule
|
||||
module: PermissionModule
|
||||
): (req: Request, res: Response, next: Function) => void {
|
||||
return (req: Request, res: Response, next: Function) => {
|
||||
const permissions = req.permissions;
|
||||
|
|
@ -99,9 +96,9 @@ export default class PermissionHelper {
|
|||
|
||||
static passCheckSomeMiddleware(
|
||||
checks: Array<{
|
||||
requiredPermissions: PermissionType | "admin";
|
||||
requiredPermission: PermissionType | "admin";
|
||||
section: PermissionSection;
|
||||
module?: PermissionModule;
|
||||
module: PermissionModule;
|
||||
}>
|
||||
): (req: Request, res: Response, next: Function) => void {
|
||||
return (req: Request, res: Response, next: Function) => {
|
||||
|
|
@ -111,9 +108,7 @@ export default class PermissionHelper {
|
|||
if (isOwner || this.canSome(permissions, checks)) {
|
||||
next();
|
||||
} else {
|
||||
let permissionsToPass = checks.reduce<string>((prev, curr) => {
|
||||
return prev + (prev != " or " ? "" : "") + `${curr.section}.${curr.module}.${curr.requiredPermissions}`;
|
||||
}, "");
|
||||
let permissionsToPass = checks.map((c) => `${c.section}.${c.module}.${c.requiredPermission}`).join(" or ");
|
||||
throw new ForbiddenRequestException(`missing permission for ${permissionsToPass}`);
|
||||
}
|
||||
};
|
||||
|
|
@ -136,7 +131,7 @@ export default class PermissionHelper {
|
|||
}
|
||||
|
||||
static sectionPassCheckSomeMiddleware(
|
||||
checks: Array<{ requiredPermissions: PermissionType | "admin"; section: PermissionSection }>
|
||||
checks: Array<{ requiredPermission: PermissionType | "admin"; section: PermissionSection }>
|
||||
): (req: Request, res: Response, next: Function) => void {
|
||||
return (req: Request, res: Response, next: Function) => {
|
||||
const permissions = req.permissions;
|
||||
|
|
@ -145,9 +140,7 @@ export default class PermissionHelper {
|
|||
if (isOwner || this.canSomeSection(permissions, checks)) {
|
||||
next();
|
||||
} else {
|
||||
let permissionsToPass = checks.reduce<string>((prev, curr) => {
|
||||
return prev + (prev != " or " ? "" : "") + `${curr.section}.${curr.requiredPermissions}`;
|
||||
}, "");
|
||||
let permissionsToPass = checks.map((c) => `${c.section}.${c.requiredPermission}`).join(" or ");
|
||||
throw new ForbiddenRequestException(`missing permission for ${permissionsToPass}`);
|
||||
}
|
||||
};
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue