Ehrenamt/ff-admin-server
2
0
Fork 0
Code Issues 14 Pull requests Projects Releases 24 Packages Wiki Activity Actions

patches v1.3.11 #83

Merged
jkeffects merged 11 commits from develop into main 2025-04-10 10:47:13 +00:00
Conversation 0 Commits 11 Files changed 10 +66 -13
3 changed files with 66 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit 74ff6838cc - Show all commits

5
src/helpers/jwtHelper.ts
View file

@ -58,7 +58,10 @@ export abstract class JWTHelper {
let rolePermissions = let rolePermissions =
userRoles.length != 0 ? await RolePermissionService.getByRoles(userRoles.map((e) => e.id)) : []; userRoles.length != 0 ? await RolePermissionService.getByRoles(userRoles.map((e) => e.id)) : [];
let rolePermissionStrings = rolePermissions.map((e) => e.permission); let rolePermissionStrings = rolePermissions.map((e) => e.permission);
let permissionObject = PermissionHelper.convertToObject([...userPermissionStrings, ...rolePermissionStrings]); let permissionObject = PermissionHelper.convertToObject(
[...userPermissionStrings, ...rolePermissionStrings],
isOwner
);
let jwtData: JWTToken = { let jwtData: JWTToken = {
userId: id, userId: id,

62
src/helpers/permissionHelper.ts
View file

@ -4,9 +4,11 @@ import {
permissionModules, permissionModules,
PermissionObject, PermissionObject,
PermissionSection, PermissionSection,
permissionSections,
PermissionString, PermissionString,
PermissionType, PermissionType,
permissionTypes, permissionTypes,
sectionsAndModules,
} from "../type/permissionTypes"; } from "../type/permissionTypes";
import ForbiddenRequestException from "../exceptions/forbiddenRequestException"; import ForbiddenRequestException from "../exceptions/forbiddenRequestException";
@ -17,8 +19,8 @@ export default class PermissionHelper {
section: PermissionSection, section: PermissionSection,
module?: PermissionModule module?: PermissionModule
) { ) {
if (type == "admin") return permissions?.admin ?? false; if (type == "admin") return permissions?.admin ?? permissions?.adminByOwner ?? false;
if (permissions?.admin) return true; if (permissions?.admin || permissions?.adminByOwner) return true;
if ( if (
(!module && (!module &&
permissions[section] != undefined && permissions[section] != undefined &&
@ -50,8 +52,8 @@ export default class PermissionHelper {
type: PermissionType | "admin", type: PermissionType | "admin",
section: PermissionSection section: PermissionSection
): boolean { ): boolean {
if (type == "admin") return permissions?.admin ?? false; if (type == "admin") return permissions?.admin ?? permissions?.adminByOwner ?? false;
if (permissions?.admin) return true; if (permissions?.admin || permissions?.adminByOwner) return true;
if ( if (
permissions[section]?.all == "*" || permissions[section]?.all == "*" ||
permissions[section]?.all?.includes(type) || permissions[section]?.all?.includes(type) ||
@ -73,6 +75,11 @@ export default class PermissionHelper {
}, false); }, false);
} }
static canValue(permissions: PermissionObject, key: string, emptyIfAdmin: boolean = false): string {
if (emptyIfAdmin && (permissions.admin || permissions.adminByOwner)) return "";
return permissions?.additional?.[key] ?? "";
}
static passCheckMiddleware( static passCheckMiddleware(
requiredPermissions: PermissionType | "admin", requiredPermissions: PermissionType | "admin",
section: PermissionSection, section: PermissionSection,
@ -159,14 +166,28 @@ export default class PermissionHelper {
}; };
} }
static convertToObject(permissions: Array<PermissionString>): PermissionObject { static convertToObject(permissions: Array<PermissionString>, isOwner: boolean = false): PermissionObject {
if (permissions.includes("*")) { let isAdmin = permissions.includes("*");
let additional: { [key: string]: string } = {};
let additionalPermissions = permissions.map((e) => e.split(".")).filter((e) => e[0] == "additional") as Array<
["additional", string, string]
>;
for (let split of additionalPermissions) {
let module = sectionsAndModules.additional.find((a) => a.key == split[1]);
if (!isAdmin || (isAdmin && !module.emptyIfAdmin)) additional[split[1]] = split[2];
}
if (isAdmin) {
return { return {
admin: true, admin: true,
adminByOwner: isOwner,
...(Object.keys(additional).length > 0 && { additional }),
}; };
} }
let output: PermissionObject = {}; let output: PermissionObject = {};
let splitPermissions = permissions.map((e) => e.split(".")) as Array< let splitPermissions = permissions.map((e) => e.split(".")).filter((e) => e[0] != "additional") as Array<
[PermissionSection, PermissionModule | PermissionType | "*", PermissionType | "*"] [PermissionSection, PermissionModule | PermissionType | "*", PermissionType | "*"]
>; >;
for (let split of splitPermissions) { for (let split of splitPermissions) {
@ -208,15 +229,31 @@ export default class PermissionHelper {
} }
} }
} }
return output;
return {
adminByOwner: isOwner,
...output,
...(Object.keys(additional).length > 0 && { additional }),
};
} }
static convertToStringArray(permissions: PermissionObject): Array<PermissionString> { static convertToStringArray(permissions: PermissionObject): Array<PermissionString> {
if (permissions?.admin) { let isAdmin = permissions?.admin;
return ["*"];
let additional: Array<PermissionString> = [];
let additionalPermissions = Object.entries(permissions?.additional ?? {});
for (let add of additionalPermissions) {
additional.push(`additional.${add[0]}.${add[1]}`);
} }
if (isAdmin) {
return ["*", ...additional];
}
let output: Array<PermissionString> = []; let output: Array<PermissionString> = [];
let sections = Object.keys(permissions) as Array<PermissionSection>; let sections = Object.keys(permissions).filter((m: PermissionSection) =>
permissionSections.includes(m)
) as Array<PermissionSection>;
for (let section of sections) { for (let section of sections) {
if (permissions[section].all) { if (permissions[section].all) {
let types = permissions[section].all; let types = permissions[section].all;
@ -242,7 +279,8 @@ export default class PermissionHelper {
} }
} }
} }
return output;
return [...output, ...additional];
} }
static getWhatToAdd(before: Array<PermissionString>, after: Array<PermissionString>): Array<PermissionString> { static getWhatToAdd(before: Array<PermissionString>, after: Array<PermissionString>): Array<PermissionString> {

12
src/type/permissionTypes.ts
View file

@ -30,6 +30,7 @@ export type PermissionString =
| `${PermissionSection}.${PermissionModule}.*` // für alle Berechtigungen in einem Modul | `${PermissionSection}.${PermissionModule}.*` // für alle Berechtigungen in einem Modul
| `${PermissionSection}.${PermissionType}` // für spezifische Berechtigungen in einem Abschnitt | `${PermissionSection}.${PermissionType}` // für spezifische Berechtigungen in einem Abschnitt
| `${PermissionSection}.*` // für alle Berechtigungen in einem Abschnitt | `${PermissionSection}.*` // für alle Berechtigungen in einem Abschnitt
| `additional.${string}.${string}` // additional
| "*"; // für Admin | "*"; // für Admin
export type PermissionObject = { export type PermissionObject = {
@ -38,10 +39,20 @@ export type PermissionObject = {
} & { all?: Array<PermissionType> | "*" }; } & { all?: Array<PermissionType> | "*" };
} & { } & {
admin?: boolean; admin?: boolean;
adminByOwner?: boolean;
} & {
additional?: { [key: string]: string };
}; };
export type SectionsAndModulesObject = { export type SectionsAndModulesObject = {
[section in PermissionSection]: Array<PermissionModule>; [section in PermissionSection]: Array<PermissionModule>;
} & {
additional?: Array<{
key: string;
name: string;
type: "number" | "string";
emptyIfAdmin: boolean;
}>;
}; };
export const permissionSections: Array<PermissionSection> = ["club", "configuration", "management"]; export const permissionSections: Array<PermissionSection> = ["club", "configuration", "management"];
@ -85,4 +96,5 @@ export const sectionsAndModules: SectionsAndModulesObject = {
"newsletter_config", "newsletter_config",
], ],
management: ["user", "role", "webapi", "backup"], management: ["user", "role", "webapi", "backup"],
additional: [],
}; };