roles and permissions
This commit is contained in:
parent
d77c3ca1a5
commit
9808100d81
21 changed files with 389 additions and 59 deletions
|
@ -32,6 +32,22 @@ export default class PermissionHelper {
|
|||
return false;
|
||||
}
|
||||
|
||||
static canSection(
|
||||
permissions: PermissionObject,
|
||||
type: PermissionType | "admin",
|
||||
section: PermissionSection
|
||||
): boolean {
|
||||
if (type == "admin") return permissions.admin ?? false;
|
||||
if (permissions.admin) return true;
|
||||
if (
|
||||
permissions[section]?.all == "*" ||
|
||||
permissions[section]?.all?.includes(type) ||
|
||||
permissions[section] != undefined
|
||||
)
|
||||
return true;
|
||||
return false;
|
||||
}
|
||||
|
||||
static passCheckMiddleware(
|
||||
requiredPermissions: PermissionType | "admin",
|
||||
section: PermissionSection,
|
||||
|
@ -52,6 +68,25 @@ export default class PermissionHelper {
|
|||
};
|
||||
}
|
||||
|
||||
static sectionPassCheckMiddleware(
|
||||
requiredPermissions: PermissionType | "admin",
|
||||
section: PermissionSection
|
||||
): (req: Request, res: Response, next: Function) => void {
|
||||
return (req: Request, res: Response, next: Function) => {
|
||||
const permissions = req.permissions;
|
||||
|
||||
if (this.canSection(permissions, requiredPermissions, section)) {
|
||||
next();
|
||||
} else {
|
||||
throw new ForbiddenRequestException(
|
||||
`missing permission for ${section}.${module}.${
|
||||
Array.isArray(requiredPermissions) ? requiredPermissions.join("|") : requiredPermissions
|
||||
}`
|
||||
);
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
static convertToObject(permissions: Array<PermissionString>): PermissionObject {
|
||||
if (permissions.includes("*")) {
|
||||
return {
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue