Ehrenamt/ff-admin-server
2
0
Fork 0
Code Issues 11 Pull requests Projects Releases 5 Packages Wiki Activity Actions

ownership

Browse source
This commit is contained in:
Julian Krauser 2024-10-07 18:09:27 +02:00
parent 72fb6fbc20
commit e2b46becf0
13 changed files with 79 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
src/command/userCommand.ts
View file

@ -4,6 +4,7 @@ export interface CreateUserCommand {
firstname: string;
lastname: string;
secret: string;
isOwner: boolean;
}
export interface UpdateUserCommand {

1
src/command/userCommandHandler.ts
View file

@ -22,6 +22,7 @@ export default abstract class UserCommandHandler {
firstname: createUser.firstname,
lastname: createUser.lastname,
secret: createUser.secret,
isOwner: createUser.isOwner,
})
.execute()
.then((result) => {

6
src/controller/authController.ts
View file

@ -22,7 +22,7 @@ export async function login(req: Request, res: Response): Promise<any> {
let username = req.body.username;
let totp = req.body.totp;
let { id, secret, mail, firstname, lastname } = await UserService.getByUsername(username);
let { id, secret, mail, firstname, lastname, isOwner } = await UserService.getByUsername(username);
let valid = speakeasy.totp.verify({
secret: secret,
@ -48,6 +48,7 @@ export async function login(req: Request, res: Response): Promise<any> {
username: username,
firstname: firstname,
lastname: lastname,
isOwner: isOwner,
permissions: permissionObject,
};
@ -105,7 +106,7 @@ export async function refresh(req: Request, res: Response): Promise<any> {
throw new UnauthorizedRequestException("user not identified with token and refresh");
}
let { id, username, mail, firstname, lastname } = await UserService.getById(tokenUserId);
let { id, username, mail, firstname, lastname, isOwner } = await UserService.getById(tokenUserId);
let permissions = await UserPermissionService.getByUser(id);
let permissionStrings = permissions.map((e) => e.permission);
@ -117,6 +118,7 @@ export async function refresh(req: Request, res: Response): Promise<any> {
username: username,
firstname: firstname,
lastname: lastname,
isOwner: isOwner,
permissions: permissionObject,
};

10
src/controller/inviteController.ts
View file

@ -124,23 +124,17 @@ export async function finishInvite(req: Request, res: Response, grantAdmin: bool
lastname: lastname,
mail: mail,
secret: secret,
isOwner: grantAdmin,
};
let id = await UserCommandHandler.create(createUser);
if (grantAdmin) {
let createPermission: CreateUserPermissionCommand = {
permission: "*",
userId: id,
};
await UserPermissionCommandHandler.create(createPermission);
}
let jwtData: JWTToken = {
userId: id,
mail: mail,
username: username,
firstname: firstname,
lastname: lastname,
isOwner: grantAdmin,
permissions: {
...(grantAdmin ? { admin: true } : {}),
},

2
src/data-source.ts
View file

@ -29,6 +29,7 @@ import { memberQualifications } from "./entity/memberQualifications";
import { membership } from "./entity/membership";
import { Memberdata1726301836849 } from "./migrations/1726301836849-memberdata";
import { CommunicationFields1727439800630 } from "./migrations/1727439800630-communicationFields";
import { Ownership1728313041449 } from "./migrations/1728313041449-ownership";
const dataSource = new DataSource({
type: DB_TYPE as any,
@ -68,6 +69,7 @@ const dataSource = new DataSource({
MemberBaseData1725435669492,
Memberdata1726301836849,
CommunicationFields1727439800630,
Ownership1728313041449,
],
migrationsRun: true,
migrationsTransactionMode: "each",

3
src/entity/user.ts
View file

@ -22,6 +22,9 @@ export class user {
@Column({ type: "varchar", length: 255 })
secret: string;
@Column({ type: "boolean", default: false })
isOwner: boolean;
@ManyToMany(() => role, (role) => role.users, {
nullable: false,
onDelete: "CASCADE",

1
src/factory/admin/user.ts
View file

@ -21,6 +21,7 @@ export default abstract class UserFactory {
firstname: record.firstname,
lastname: record.lastname,
mail: record.mail,
isOwner: record.isOwner,
permissions: PermissionHelper.convertToObject(userPermissionStrings),
roles: RoleFactory.mapToBase(record.roles),
permissions_total: totalPermissions,

6
src/helpers/permissionHelper.ts
View file

@ -55,8 +55,9 @@ export default class PermissionHelper {
): (req: Request, res: Response, next: Function) => void {
return (req: Request, res: Response, next: Function) => {
const permissions = req.permissions;
const isOwner = req.isOwner;
if (this.can(permissions, requiredPermissions, section, module)) {
if (isOwner || this.can(permissions, requiredPermissions, section, module)) {
next();
} else {
throw new ForbiddenRequestException(
@ -74,8 +75,9 @@ export default class PermissionHelper {
): (req: Request, res: Response, next: Function) => void {
return (req: Request, res: Response, next: Function) => {
const permissions = req.permissions;
const isOwner = req.isOwner;
if (this.canSection(permissions, requiredPermissions, section)) {
if (isOwner || this.canSection(permissions, requiredPermissions, section)) {
next();
} else {
throw new ForbiddenRequestException(

1
src/index.ts
View file

@ -9,6 +9,7 @@ declare global {
export interface Request {
userId: string;
username: string;
isOwner: boolean;
permissions: PermissionObject;
}
}

1
src/middleware/authenticate.ts
View file

@ -31,6 +31,7 @@ export default async function authenticate(req: Request, res: Response, next: Fu
req.userId = decoded.userId;
req.username = decoded.username;
req.isOwner = decoded.isOwner;
req.permissions = decoded.permissions;
next();

56
src/migrations/1728313041449-ownership.ts Normal file
View file

@ -0,0 +1,56 @@
import { MigrationInterface, QueryRunner, TableColumn } from "typeorm";
export class Ownership1728313041449 implements MigrationInterface {
name = "Ownership1728313041449";
public async up(queryRunner: QueryRunner): Promise<void> {
await queryRunner.addColumn(
"user",
new TableColumn({
name: "isOwner",
type: "tinyint",
default: 0,
isNullable: false,
})
);
await queryRunner.manager
.createQueryBuilder()
.update("user")
.set({ isOwner: 1 })
.where((qb) => {
const subQuery = queryRunner.manager
.createQueryBuilder()
.select("1")
.from("user_permission", "up")
.where("user.id = up.userId")
.andWhere("up.permission = '*'")
.getQuery();
return `EXISTS (${subQuery})`;
})
.execute();
await queryRunner.manager.createQueryBuilder().delete().from("user_permission").where("permission = '*'").execute();
}
public async down(queryRunner: QueryRunner): Promise<void> {
await queryRunner.manager
.createQueryBuilder()
.insert()
.into("user_permission")
.values(
await queryRunner.manager
.createQueryBuilder()
.select("user.id", "userId")
.addSelect("'*'", "permission")
.from("user", "user")
.where("user.isOwner = 1")
.execute()
)
.execute();
await queryRunner.manager.createQueryBuilder().update("user").set({ isOwner: 0 }).where("isOwner = 1").execute();
await queryRunner.dropColumn("user", "isOwner");
}
}

3
src/type/jwtTypes.ts
View file

@ -1,7 +1,7 @@
import { PermissionObject } from "./permissionTypes";
export type JWTData = {
[key: string]: string | number | PermissionObject;
[key: string]: string | number | boolean | PermissionObject;
};
export type JWTToken = {
@ -10,6 +10,7 @@ export type JWTToken = {
username: string;
firstname: string;
lastname: string;
isOwner: boolean;
permissions: PermissionObject;
} & JWTData;

1
src/viewmodel/admin/user.models.ts
View file

@ -7,6 +7,7 @@ export interface UserViewModel {
mail: string;
firstname: string;
lastname: string;
isOwner: boolean;
permissions: PermissionObject;
roles: Array<RoleViewModel>;
permissions_total: PermissionObject;