inital #2
This commit is contained in:
Sebastian Seedorf
92
src/permissions.ts
Normal file
92
src/permissions.ts
Normal file
@@ -0,0 +1,92 @@
|
||||
import {AccessControl, AccessControlError, IQueryInfo, Permission} from 'role-acl';
|
||||
import {Query} from 'role-acl/lib/src/core/Query';
|
||||
import {Request, RequestHandler} from 'express';
|
||||
|
||||
// see https://www.npmjs.com/package/role-acl
|
||||
class PermissionManager extends AccessControl {
|
||||
public can(roleOrRequest: Request|string|string[]|IQueryInfo): PermQuery {
|
||||
return new PermQuery(this.getGrants(), roleOrRequest);
|
||||
}
|
||||
|
||||
public getRouter(resource: string, opts: Partial<RermRouterOpts>): RequestHandler {
|
||||
return async (req: Request, res, next) => {
|
||||
let query = this.can(req);
|
||||
if (opts.context)
|
||||
query = query.context(opts.context);
|
||||
if (opts.action)
|
||||
query = query.execute(opts.action);
|
||||
if (opts.skipConditions)
|
||||
query = query.skipConditions(opts.skipConditions);
|
||||
const permission = await query.on(resource);
|
||||
if (permission.granted) {
|
||||
req.permissionDetails = permission;
|
||||
next();
|
||||
} else {
|
||||
res.sendStatus(403);
|
||||
}
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
export type RermRouterOpts = {
|
||||
context: unknown,
|
||||
action: string,
|
||||
skipConditions: boolean
|
||||
}
|
||||
|
||||
export class PermQuery extends Query {
|
||||
protected resolveRequest: Request|undefined;
|
||||
|
||||
constructor(grants: unknown, roleOrRequest: Request|string|string[]|IQueryInfo) {
|
||||
function isRequest(obj: unknown): obj is Request {
|
||||
// eslint-disable-next-line no-prototype-builtins
|
||||
return typeof obj === 'object' && obj && obj.hasOwnProperty('path') || false;
|
||||
}
|
||||
if (isRequest(roleOrRequest)) {
|
||||
super(grants, []);
|
||||
this.resolveRequest = roleOrRequest;
|
||||
} else {
|
||||
super(grants, roleOrRequest);
|
||||
}
|
||||
}
|
||||
|
||||
public async on(resource: string, skipConditions?: boolean): Promise<Permission> {
|
||||
if (this.resolveRequest) {
|
||||
const userInfo = await this.resolveRequest.getUserInfo();
|
||||
this.role(userInfo?.groups ?? []);
|
||||
}
|
||||
if (
|
||||
typeof this._.role === 'object' && this._.role.includes('noaccess') ||
|
||||
typeof this._.role === 'string' && this._.role === 'noaccess'
|
||||
) {
|
||||
this.role([]);
|
||||
}
|
||||
return super.on(resource, skipConditions);
|
||||
}
|
||||
|
||||
public context(context: unknown): PermQuery {
|
||||
super.context(context);
|
||||
return this;
|
||||
}
|
||||
|
||||
public skipConditions(value: boolean): PermQuery {
|
||||
super.skipConditions(value);
|
||||
return this;
|
||||
}
|
||||
|
||||
public with(context: unknown): PermQuery {
|
||||
super.with(context);
|
||||
return this;
|
||||
}
|
||||
|
||||
public execute(action: string): PermQuery {
|
||||
super.execute(action);
|
||||
return this;
|
||||
}
|
||||
|
||||
public sync(): PermQuery {
|
||||
throw new AccessControlError("Sync method is not allowed on PermissionManager!");
|
||||
}
|
||||
}
|
||||
|
||||
export const Permissions = new PermissionManager();
|
||||
Reference in New Issue
Block a user