From 03e92ea0d4e260d0e0717db91d2959a698ea8c4a Mon Sep 17 00:00:00 2001
From: Julian Krauser
Date: Tue, 8 Apr 2025 09:21:57 +0200
Subject: [PATCH] populate Admin Rights by Ownership to permission object
---
 src/helpers/jwtHelper.ts | 5 ++++-
 src/helpers/permissionHelper.ts | 14 ++++++++------
 src/type/permissionTypes.ts | 1 +
 3 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/src/helpers/jwtHelper.ts b/src/helpers/jwtHelper.ts
index 230ead0..44dcc24 100644
--- a/src/helpers/jwtHelper.ts
+++ b/src/helpers/jwtHelper.ts
@@ -55,7 +55,10 @@ export abstract class JWTHelper {
 let rolePermissions = userRoles.length != 0 ? await RolePermissionService.getByRoles(userRoles.map((e) => e.id)) : [];
 let rolePermissionStrings = rolePermissions.map((e) => e.permission);
- let permissionObject = PermissionHelper.convertToObject([...userPermissionStrings, ...rolePermissionStrings]);
+ let permissionObject = PermissionHelper.convertToObject(
+ [...userPermissionStrings, ...rolePermissionStrings],
+ isOwner
+ );
 let jwtData: JWTToken = {
 userId: id,
diff --git a/src/helpers/permissionHelper.ts b/src/helpers/permissionHelper.ts
index 5f78d97..6a83f92 100644
--- a/src/helpers/permissionHelper.ts
+++ b/src/helpers/permissionHelper.ts
@@ -19,8 +19,8 @@ export default class PermissionHelper {
 section: PermissionSection,
 module?: PermissionModule
 ) {
- if (type == "admin") return permissions?.admin ?? false;
- if (permissions?.admin) return true;
+ if (type == "admin") return permissions?.admin ?? permissions?.adminByOwner ?? false;
+ if (permissions?.admin || permissions?.adminByOwner) return true;
 if (
 (!module && permissions[section] != undefined &&
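Review bot: `isOwner` is now folded into the permission object built just before `jwtData`, so if that object is copied into the token (the rest of `jwtData` is outside the hunk), owner-derived admin rights last as long as the token does. Nothing visible here re-checks the flag against the stored user when the token is used or refreshed. `isOwner` itself is defined outside the hunk, so confirm it is read from the user record loaded for `id` and not from anything in the request. I would add a comment above the call, `// adminByOwner is a snapshot taken at token issue; a change of ownership only takes effect once the token is refreshed or expires`, and make sure the refresh path rebuilds the permission object. The enclosing method starts and ends outside the hunk.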
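Review bot: In the `type == "admin"` line of the `@@ -19,8` hunk, the `??` chain skips `adminByOwner` whenever `admin` is present as `false`, because `??` only falls through on `null` or `undefined`. The line after it uses `||` and would treat the same object as admin, so the two checks can disagree for an owner whose object carries `admin: false`. The admin branch of `convertToObject` only writes `admin: true`, but a `PermissionObject` built or deserialized elsewhere could hold `false`. Use one expression for both cases, `if (type == "admin") return Boolean(permissions?.admin || permissions?.adminByOwner);`. The same two lines appear in the `@@ -52,8` hunk and need the same change; both functions continue outside their hunks.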
@@ -52,8 +52,8 @@ export default class PermissionHelper {
 type: PermissionType | "admin",
 section: PermissionSection
 ): boolean {
- if (type == "admin") return permissions?.admin ?? false;
- if (permissions?.admin) return true;
+ if (type == "admin") return permissions?.admin ?? permissions?.adminByOwner ?? false;
+ if (permissions?.admin || permissions?.adminByOwner) return true;
 if (
 permissions[section]?.all == "*" ||
 permissions[section]?.all?.includes(type) ||
@@ -76,7 +76,7 @@ export default class PermissionHelper {
 }
 static canValue(permissions: PermissionObject, key: string, emptyIfAdmin: boolean = false): string {
- if (emptyIfAdmin && permissions.admin) return "";
+ if (emptyIfAdmin && (permissions.admin || permissions.adminByOwner)) return "";
 return permissions?.additional?.[key] ?? "";
 }
@@ -166,7 +166,7 @@ export default class PermissionHelper {
 };
 }
- static convertToObject(permissions: Array): PermissionObject {
+ static convertToObject(permissions: Array, isOwner: boolean = false): PermissionObject {
 let isAdmin = permissions.includes("*");
 let additional: { [key: string]: string } = {};
@@ -181,6 +181,7 @@ export default class PermissionHelper {
 if (isAdmin) {
 return {
 admin: true,
+ adminByOwner: isOwner,
 ...(Object.keys(additional).length > 0 && { additional }),
 };
 }
@@ -230,6 +231,7 @@ export default class PermissionHelper {
 }
 return {
+ adminByOwner: isOwner,
 ...output,
 ...(Object.keys(additional).length > 0 && { additional }),
 };
diff --git a/src/type/permissionTypes.ts b/src/type/permissionTypes.ts
index 1b1936b..850ccd6 100644
--- a/src/type/permissionTypes.ts
+++ b/src/type/permissionTypes.ts
@@ -18,6 +18,7 @@ export type PermissionObject = {
 } & { all?: Array | "*" };
 } & {
 admin?: boolean;
+ adminByOwner?: boolean;
 } & {
 additional?: { [key: string]: string };
 };
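Review bot: Both return paths of `convertToObject` (the `@@ -181,6` and `@@ -230,6` hunks) now always write `adminByOwner`, including `adminByOwner: false` for every non-owner, whereas `additional` on the adjacent line is only emitted when it has content. This changes the shape of every permission object, and any code that walks the object's keys as sections (for example a conversion back to permission strings, not visible in this diff) would now meet a boolean under `adminByOwner`, which is worth checking. Emitting the key only when it is set leaves non-owner objects unchanged: `...(isOwner && { adminByOwner: true }),`. In the non-admin return the key also sits before `...output`, so a same-named key in `output` would overwrite it; placing it after the spread avoids that.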
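Review bot: The new `adminByOwner` field in `PermissionObject` has no comment, and it differs from `admin` in a way callers need to know: it comes from the `isOwner` argument of `convertToObject`, not from a `*` permission string. Add a TSDoc line above it such as `/** Set from isOwner in convertToObject; grants admin without a "*" permission. Not a stored permission. */`. If permission objects are ever accepted from clients (not visible in this diff), the field should be dropped on input so that only the server can set it.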