inital #2

out/permissions.js

@@ -0,0 +1,92 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Permissions = exports.PermQuery = void 0;
+const role_acl_1 = require("role-acl");
+const Query_1 = require("role-acl/lib/src/core/Query");
+// see https://www.npmjs.com/package/role-acl
+class PermissionManager extends role_acl_1.AccessControl {
+    can(roleOrRequest) {
+        return new PermQuery(this.getGrants(), roleOrRequest);
+    }
+    getRouter(resource, opts) {
+        return (req, res, next) => __awaiter(this, void 0, void 0, function* () {
+            let query = this.can(req);
+            if (opts.context)
+                query = query.context(opts.context);
+            if (opts.action)
+                query = query.execute(opts.action);
+            if (opts.skipConditions)
+                query = query.skipConditions(opts.skipConditions);
+            const permission = yield query.on(resource);
+            if (permission.granted) {
+                req.permissionDetails = permission;
+                next();
+            }
+            else {
+                res.sendStatus(403);
+            }
+        });
+    }
+}
+class PermQuery extends Query_1.Query {
+    constructor(grants, roleOrRequest) {
+        function isRequest(obj) {
+            // eslint-disable-next-line no-prototype-builtins
+            return typeof obj === 'object' && obj && obj.hasOwnProperty('path') || false;
+        }
+        if (isRequest(roleOrRequest)) {
+            super(grants, []);
+            this.resolveRequest = roleOrRequest;
+        }
+        else {
+            super(grants, roleOrRequest);
+        }
+    }
+    on(resource, skipConditions) {
+        const _super = Object.create(null, {
+            on: { get: () => super.on }
+        });
+        var _a;
+        return __awaiter(this, void 0, void 0, function* () {
+            if (this.resolveRequest) {
+                const userInfo = yield this.resolveRequest.getUserInfo();
+                this.role((_a = userInfo === null || userInfo === void 0 ? void 0 : userInfo.groups) !== null && _a !== void 0 ? _a : []);
+            }
+            if (typeof this._.role === 'object' && this._.role.includes('noaccess') ||
+                typeof this._.role === 'string' && this._.role === 'noaccess') {
+                this.role([]);
+            }
+            return _super.on.call(this, resource, skipConditions);
+        });
+    }
+    context(context) {
+        super.context(context);
+        return this;
+    }
+    skipConditions(value) {
+        super.skipConditions(value);
+        return this;
+    }
+    with(context) {
+        super.with(context);
+        return this;
+    }
+    execute(action) {
+        super.execute(action);
+        return this;
+    }
+    sync() {
+        throw new role_acl_1.AccessControlError("Sync method is not allowed on PermissionManager!");
+    }
+}
+exports.PermQuery = PermQuery;
+exports.Permissions = new PermissionManager();