"use strict";
// TypeScript-emitted helper: drives a generator function as if it were an
// async function and returns a promise for the generator's return value.
//   thisArg    - `this` binding used when the generator function is invoked
//   _arguments - argument list applied to the generator function (optional)
//   P          - promise constructor to use; falls back to the global Promise
//   generator  - the generator function whose `yield`s stand in for `await`
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
    // Pass through values that are already instances of P; wrap anything else.
    function adopt(value) {
        if (value instanceof P) {
            return value;
        }
        return new P(function (resolve) {
            resolve(value);
        });
    }
    if (!P) {
        P = Promise;
    }
    return new P(function (resolve, reject) {
        // Settle the outer promise when the generator finishes, otherwise
        // wait for the yielded value and resume the generator with its outcome.
        function step(result) {
            if (result.done) {
                resolve(result.value);
            }
            else {
                adopt(result.value).then(fulfilled, rejected);
            }
        }
        // Resume with a fulfilled value; a throw from the generator rejects.
        function fulfilled(value) {
            try {
                step(generator.next(value));
            }
            catch (e) {
                reject(e);
            }
        }
        // Resume by throwing the rejection reason into the generator.
        function rejected(value) {
            try {
                step(generator["throw"](value));
            }
            catch (e) {
                reject(e);
            }
        }
        // Instantiate the generator (replacing the function reference) and start it.
        generator = generator.apply(thisArg, _arguments || []);
        step(generator.next());
    });
};
// Flag this CommonJS module as transpiled from ES-module syntax.
Object.defineProperty(exports, "__esModule", { value: true });
// Pre-declare the export slots; the real values are assigned further down.
exports.PermissionManager = void 0;
exports.PermQuery = void 0;
exports.PermManager = void 0;
const role_acl_1 = require("role-acl");
const Query_1 = require("role-acl/lib/src/core/Query");
// see https://www.npmjs.com/package/role-acl
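/**
 * Access-control manager built on role-acl's AccessControl. It adds a `can()`
 * that returns a PermQuery and a factory for connect/Express-style
 * authorization middleware.
 */
class PermissionManager extends role_acl_1.AccessControl {
    /**
     * Start a permission query against this manager's grants.
     *
     * @param roleOrRequest Either whatever the role-acl Query constructor accepts
     *   as a role, or a request-like object. PermQuery treats any object with an
     *   own `res` property as a request and resolves the roles from it when the
     *   query is run.
     * @returns {PermQuery} a chainable query.
     */
    can(roleOrRequest) {
        return new PermQuery(this.getGrants(), roleOrRequest);
    }
    /**
     * Build a middleware that authorizes the current request for `resource`.
     *
     * On a granted permission the result is stored on `req.permissionDetails` and
     * `next()` is called. On a denied permission the response is ended with 403.
     * If the check itself fails (for example the user lookup rejects), the error
     * is passed to `next(err)` so the protected handler is never reached and the
     * request does not hang on an unhandled rejection.
     *
     * @param resource Resource name handed to `query.on()`.
     * @param opts Optional settings; each one is forwarded only when truthy:
     *   `context` -> `query.context()`, `action` -> `query.execute()`,
     *   `skipConditions` -> `query.skipConditions()`.
     *   NOTE(review): per role-acl, skipConditions makes the check ignore grant
     *   conditions, which widens what is allowed - confirm each use is intended.
     * @returns {Function} `(req, res, next)` middleware returning a promise.
     */
    getRouter(resource, opts) {
        // Treat a missing options object as "no options".
        const options = opts == null ? {} : opts;
        return (req, res, next) => __awaiter(this, void 0, void 0, function* () {
            let permission;
            try {
                let query = this.can(req);
                if (options.context)
                    query = query.context(options.context);
                if (options.action)
                    query = query.execute(options.action);
                if (options.skipConditions)
                    query = query.skipConditions(options.skipConditions);
                permission = yield query.on(resource);
            }
            catch (err) {
                // Fail closed: an error during the authorization check must
                // neither fall through to the handler nor leave the request open.
                next(err);
                return;
            }
            if (permission && permission.granted) {
                req.permissionDetails = permission;
                next();
            }
            else {
                res.sendStatus(403);
            }
        });
    }
}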
// Public export: the AccessControl subclass that also builds authorization middleware.
exports.PermissionManager = PermissionManager;
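/**
 * role-acl Query that can take its roles from a request instead of a fixed
 * role list. When built from a request, the roles are resolved in `on()` from
 * `request.getUserInfo().groups`. The special role name 'noaccess' always
 * wins: if it is present, the query is run with an empty role list.
 */
class PermQuery extends Query_1.Query {
    /**
     * @param grants Grants object handed to the role-acl Query constructor.
     * @param roleOrRequest A role value for the base Query, or a request-like
     *   object (any non-null object with an own `res` property).
     */
    constructor(grants, roleOrRequest) {
        // Use the prototype's hasOwnProperty so that objects without a prototype
        // or with a shadowed `hasOwnProperty` cannot break or spoof the check.
        function isRequest(obj) {
            return typeof obj === 'object' && obj !== null &&
                Object.prototype.hasOwnProperty.call(obj, 'res');
        }
        if (isRequest(roleOrRequest)) {
            // Roles are unknown until on() asks the request for the user.
            super(grants, []);
            this.resolveRequest = roleOrRequest;
        }
        else {
            super(grants, roleOrRequest);
        }
    }
    /**
     * Resolve the roles (when built from a request) and run the base query.
     *
     * @param resource Resource name passed to the base `on()`.
     * @param skipConditions Passed through to the base `on()`.
     * @returns {Promise} whatever the base `on()` resolves to; rejects if the
     *   user lookup or the base query throws.
     */
    on(resource, skipConditions) {
        // `super` is not available inside the generator below, so expose the
        // parent implementation through a lazily evaluated getter.
        const _super = Object.create(null, {
            on: { get: () => super.on }
        });
        return __awaiter(this, void 0, void 0, function* () {
            if (this.resolveRequest) {
                const userInfo = yield this.resolveRequest.getUserInfo();
                // Anything that is not an array of group names counts as "no groups".
                const groups = userInfo && Array.isArray(userInfo.groups) ? userInfo.groups : [];
                const availableRoles = Object.keys(this._grants);
                // Check the deny marker on the raw group list. Filtering against the
                // configured roles first would drop 'noaccess' whenever it is not
                // itself a key of the grants, and the deny would silently be lost.
                const denied = groups.includes('noaccess');
                this.role(denied ? [] : groups.filter(x => availableRoles.includes(x)));
            }
            // Same deny rule for roles that were supplied directly to the query.
            const role = this._.role;
            if (Array.isArray(role) ? role.includes('noaccess') : role === 'noaccess') {
                this.role([]);
            }
            return _super.on.call(this, resource, skipConditions);
        });
    }
    /** Set the query context on the base Query; returns this PermQuery for chaining. */
    context(context) {
        super.context(context);
        return this;
    }
    /** Forward the skip-conditions flag to the base Query; returns this PermQuery for chaining. */
    skipConditions(value) {
        super.skipConditions(value);
        return this;
    }
    /** Forward to the base Query's `with()`; returns this PermQuery for chaining. */
    with(context) {
        super.with(context);
        return this;
    }
    /** Set the action on the base Query; returns this PermQuery for chaining. */
    execute(action) {
        super.execute(action);
        return this;
    }
    /**
     * Always throws: `on()` here is asynchronous, so the synchronous mode of the
     * base Query is refused.
     * @throws {AccessControlError}
     */
    sync() {
        throw new role_acl_1.AccessControlError('Sync method is not allowed on PermissionManager!');
    }
}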
// Public export: the request-aware query class returned by PermissionManager.can().
exports.PermQuery = PermQuery;
// Module-level PermissionManager instance shared by every importer. It is
// constructed without arguments, so no grants are configured at this point.
// NOTE(review): presumably the application loads grants before the first check - confirm.
exports.PermManager = new PermissionManager();