roles and permissions

This commit is contained in:
Julian Krauser 2024-08-27 17:54:59 +02:00
parent d77c3ca1a5
commit 9808100d81
21 changed files with 389 additions and 59 deletions

View file

@ -32,6 +32,22 @@ export default class PermissionHelper {
return false;
}
static canSection(
permissions: PermissionObject,
type: PermissionType | "admin",
section: PermissionSection
): boolean {
if (type == "admin") return permissions.admin ?? false;
if (permissions.admin) return true;
if (
permissions[section]?.all == "*" ||
permissions[section]?.all?.includes(type) ||
permissions[section] != undefined
)
return true;
return false;
}
static passCheckMiddleware(
requiredPermissions: PermissionType | "admin",
section: PermissionSection,
@ -52,6 +68,25 @@ export default class PermissionHelper {
};
}
static sectionPassCheckMiddleware(
requiredPermissions: PermissionType | "admin",
section: PermissionSection
): (req: Request, res: Response, next: Function) => void {
return (req: Request, res: Response, next: Function) => {
const permissions = req.permissions;
if (this.canSection(permissions, requiredPermissions, section)) {
next();
} else {
throw new ForbiddenRequestException(
`missing permission for ${section}.${module}.${
Array.isArray(requiredPermissions) ? requiredPermissions.join("|") : requiredPermissions
}`
);
}
};
}
static convertToObject(permissions: Array<PermissionString>): PermissionObject {
if (permissions.includes("*")) {
return {