From b778b6faa759c8edda6508c9874e311d71eaebad Mon Sep 17 00:00:00 2001
From: Julian Krauser
Date: Fri, 16 May 2025 11:17:02 +0200
Subject: [PATCH] enhance: permission handling
---
 src/helpers/permissionHelper.ts | 48 +++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
diff --git a/src/helpers/permissionHelper.ts b/src/helpers/permissionHelper.ts
index c6476e4..d023f5c 100644
--- a/src/helpers/permissionHelper.ts
+++ b/src/helpers/permissionHelper.ts
@@ -73,6 +73,23 @@ export default class PermissionHelper {
 }, false);
 }
 
+ static canAccessSection(permissions: PermissionObject, section: PermissionSection): boolean {
+ if (permissions?.admin || permissions?.adminByOwner) return true;
+ if (permissions[section] != undefined) return true;
+ return false;
+ }
+
+ static canAccessSomeSection(
+ permissions: PermissionObject,
+ checks: Array<{
+ section: PermissionSection;
+ }>
+ ): boolean {
+ return checks.reduce((prev, curr) => {
+ return prev || this.canAccessSection(permissions, curr.section);
+ }, false);
+ }
+
 static canValue(permissions: PermissionObject, key: string, emptyIfAdmin: boolean = false): string {
 if (emptyIfAdmin && (permissions.admin || permissions.adminByOwner)) return "";
 return permissions?.additional?.[key] ?? "";
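Review bot: `canAccessSection` treats the mere presence of a section key as a grant, since `permissions[section] != undefined` is also true for an empty object or empty list. If the code that builds `req.permissions` can leave a section entry with no rights in it, that role would pass, so this is worth confirming against that code, which is not visible here. The same line dereferences `permissions` without the `?.` used one line earlier, so a missing permissions object throws a TypeError instead of returning false; `if (permissions?.[section] != undefined) return true;` keeps the denial explicit. `canAccessSomeSection` reads more directly as `return checks.some((c) => this.canAccessSection(permissions, c.section));`, which likewise denies on an empty list. A one-line doc comment on `canAccessSection` stating that any entry under the section counts as access would make the intended rule reviewable.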
@@ -147,6 +164,37 @@ export default class PermissionHelper {
 };
 }
 
+ static sectionAccessPassCheckMiddleware(
+ section: PermissionSection
+ ): (req: Request, res: Response, next: Function) => void {
+ return (req: Request, res: Response, next: Function) => {
+ const permissions = req.permissions;
+ const isOwner = req.isOwner;
+
+ if (isOwner || this.canAccessSection(permissions, section)) {
+ next();
+ } else {
+ throw new ForbiddenRequestException(`missing permission for ${section}.${module}`);
+ }
+ };
+ }
+
+ static sectionAccessPassCheckSomeMiddleware(
+ checks: Array<{ section: PermissionSection }>
+ ): (req: Request, res: Response, next: Function) => void {
+ return (req: Request, res: Response, next: Function) => {
+ const permissions = req.permissions;
+ const isOwner = req.isOwner;
+
+ if (isOwner || this.canAccessSomeSection(permissions, checks)) {
+ next();
+ } else {
+ let permissionsToPass = checks.map((c) => `${c.section}`).join(" or ");
+ throw new ForbiddenRequestException(`missing permission for ${permissionsToPass}`);
+ }
+ };
+ }
+
 static isAdminMiddleware(): (req: Request, res: Response, next: Function) => void {
 return (req: Request, res: Response, next: Function) => {
 const permissions = req.permissions;
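Review bot: The denial message in `sectionAccessPassCheckMiddleware` interpolates `${module}`, but the function takes only `section` and nothing named `module` is declared in the hunk. Under CommonJS that name would resolve to Node's own module object and render as `[object Object]`; under ES modules it would not resolve at all. The branch still denies either way, but the 403 text, and any log line built from it, would not name the permission that was actually missing. Drop the suffix so the template reads `missing permission for ${section}`. In `sectionAccessPassCheckSomeMiddleware`, `permissionsToPass` is never reassigned and can be `const`.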