Fixed unknown roles
This commit is contained in:
Sebastian Seedorf
@@ -14,18 +14,25 @@ const _1 = require(".");
|
||||
const node_fetch_1 = require("node-fetch");
|
||||
const router = (req, res, next) => {
|
||||
const resolvable = new _1.Resolvable(() => __awaiter(void 0, void 0, void 0, function* () {
|
||||
console.log("header", _1.DefaultConfig.USERINFO_HEADER);
|
||||
if (!_1.DefaultConfig.USERINFO_HEADER) {
|
||||
return undefined;
|
||||
}
|
||||
const token = req.header(_1.DefaultConfig.USERINFO_HEADER);
|
||||
console.log("token", token);
|
||||
const url = _1.DefaultConfig.AUTH_PROXY_USERINFO_URL ||
|
||||
_1.DefaultConfig.AUTH_PROXY_URL && _1.urlJoin(_1.DefaultConfig.AUTH_PROXY_URL, "userinfo");
|
||||
console.log("url", url);
|
||||
if (token === undefined || url === undefined) {
|
||||
return undefined;
|
||||
}
|
||||
console.log("fetch");
|
||||
try {
|
||||
const res = yield node_fetch_1.default(url, { headers: [[_1.DefaultConfig.USERINFO_HEADER, token]] });
|
||||
return yield res.json();
|
||||
console.log("res");
|
||||
const json = yield res.json();
|
||||
console.log("json", json);
|
||||
return json;
|
||||
}
|
||||
catch (e) {
|
||||
_1.Logger.warn(e);
|
||||
|
||||
2
out/permissions.d.ts
vendored
2
out/permissions.d.ts
vendored
@@ -3,7 +3,7 @@ import { Query } from 'role-acl/lib/src/core/Query';
|
||||
import { Request, RequestHandler } from 'express';
|
||||
declare class PermissionManager extends AccessControl {
|
||||
can(roleOrRequest: Request | string | string[] | IQueryInfo): PermQuery;
|
||||
getRouter(resource: string, opts: Partial<RermRouterOpts>): RequestHandler;
|
||||
getRouter(resource: string, opts?: Partial<RermRouterOpts>): RequestHandler;
|
||||
}
|
||||
export declare type RermRouterOpts = {
|
||||
context: unknown;
|
||||
|
||||
@@ -20,12 +20,12 @@ class PermissionManager extends role_acl_1.AccessControl {
|
||||
getRouter(resource, opts) {
|
||||
return (req, res, next) => __awaiter(this, void 0, void 0, function* () {
|
||||
let query = this.can(req);
|
||||
if (opts.context)
|
||||
query = query.context(opts.context);
|
||||
if (opts.action)
|
||||
query = query.execute(opts.action);
|
||||
if (opts.skipConditions)
|
||||
query = query.skipConditions(opts.skipConditions);
|
||||
if (opts === null || opts === void 0 ? void 0 : opts.context)
|
||||
query = query.context(opts === null || opts === void 0 ? void 0 : opts.context);
|
||||
if (opts === null || opts === void 0 ? void 0 : opts.action)
|
||||
query = query.execute(opts === null || opts === void 0 ? void 0 : opts.action);
|
||||
if (opts === null || opts === void 0 ? void 0 : opts.skipConditions)
|
||||
query = query.skipConditions(opts === null || opts === void 0 ? void 0 : opts.skipConditions);
|
||||
const permission = yield query.on(resource);
|
||||
if (permission.granted) {
|
||||
req.permissionDetails = permission;
|
||||
@@ -41,7 +41,7 @@ class PermQuery extends Query_1.Query {
|
||||
constructor(grants, roleOrRequest) {
|
||||
function isRequest(obj) {
|
||||
// eslint-disable-next-line no-prototype-builtins
|
||||
return typeof obj === 'object' && obj && obj.hasOwnProperty('path') || false;
|
||||
return typeof obj === 'object' && obj && obj.hasOwnProperty('res') || false;
|
||||
}
|
||||
if (isRequest(roleOrRequest)) {
|
||||
super(grants, []);
|
||||
@@ -57,9 +57,13 @@ class PermQuery extends Query_1.Query {
|
||||
});
|
||||
var _a;
|
||||
return __awaiter(this, void 0, void 0, function* () {
|
||||
console.log("heee");
|
||||
if (this.resolveRequest) {
|
||||
const userInfo = yield this.resolveRequest.getUserInfo();
|
||||
this.role((_a = userInfo === null || userInfo === void 0 ? void 0 : userInfo.groups) !== null && _a !== void 0 ? _a : []);
|
||||
console.log("huuu", userInfo, typeof userInfo);
|
||||
const availableRoles = Object.keys(this._grants);
|
||||
const roles = ((_a = userInfo === null || userInfo === void 0 ? void 0 : userInfo.groups) !== null && _a !== void 0 ? _a : []).filter(x => availableRoles.includes(x));
|
||||
this.role(roles);
|
||||
}
|
||||
if (typeof this._.role === 'object' && this._.role.includes('noaccess') ||
|
||||
typeof this._.role === 'string' && this._.role === 'noaccess') {
|
||||
|
||||
@@ -13,8 +13,8 @@ exports.Polyfill = void 0;
|
||||
const polyfillLibrary = require("polyfill-library");
|
||||
const _1 = require(".");
|
||||
const threads_1 = require("threads");
|
||||
const features = new _1.WaitForSync();
|
||||
function getRouter(fileToWatch, opts) {
|
||||
const features = new _1.WaitForSync();
|
||||
(() => __awaiter(this, void 0, void 0, function* () {
|
||||
const worker = yield threads_1.spawn(new threads_1.Worker("./polyfill-worker"));
|
||||
const feats = yield worker(fileToWatch);
|
||||
|
||||
@@ -8,15 +8,15 @@ class PermissionManager extends AccessControl {
|
||||
return new PermQuery(this.getGrants(), roleOrRequest);
|
||||
}
|
||||
|
||||
public getRouter(resource: string, opts: Partial<RermRouterOpts>): RequestHandler {
|
||||
public getRouter(resource: string, opts?: Partial<RermRouterOpts>): RequestHandler {
|
||||
return async (req: Request, res, next) => {
|
||||
let query = this.can(req);
|
||||
if (opts.context)
|
||||
query = query.context(opts.context);
|
||||
if (opts.action)
|
||||
query = query.execute(opts.action);
|
||||
if (opts.skipConditions)
|
||||
query = query.skipConditions(opts.skipConditions);
|
||||
if (opts?.context)
|
||||
query = query.context(opts?.context);
|
||||
if (opts?.action)
|
||||
query = query.execute(opts?.action);
|
||||
if (opts?.skipConditions)
|
||||
query = query.skipConditions(opts?.skipConditions);
|
||||
const permission = await query.on(resource);
|
||||
if (permission.granted) {
|
||||
req.permissionDetails = permission;
|
||||
@@ -40,7 +40,7 @@ export class PermQuery extends Query {
|
||||
constructor(grants: unknown, roleOrRequest: Request|string|string[]|IQueryInfo) {
|
||||
function isRequest(obj: unknown): obj is Request {
|
||||
// eslint-disable-next-line no-prototype-builtins
|
||||
return typeof obj === 'object' && obj && obj.hasOwnProperty('path') || false;
|
||||
return typeof obj === 'object' && obj && obj.hasOwnProperty('res') || false;
|
||||
}
|
||||
if (isRequest(roleOrRequest)) {
|
||||
super(grants, []);
|
||||
@@ -53,7 +53,9 @@ export class PermQuery extends Query {
|
||||
public async on(resource: string, skipConditions?: boolean): Promise<Permission> {
|
||||
if (this.resolveRequest) {
|
||||
const userInfo = await this.resolveRequest.getUserInfo();
|
||||
this.role(userInfo?.groups ?? []);
|
||||
const availableRoles = Object.keys(this._grants);
|
||||
const roles = (userInfo?.groups ?? []).filter(x => availableRoles.includes(x));
|
||||
this.role(roles);
|
||||
}
|
||||
if (
|
||||
typeof this._.role === 'object' && this._.role.includes('noaccess') ||
|
||||
|
||||
Reference in New Issue
Block a user