authorChristian Hofmaier2019-01-21 15:07:39 +0100
committerChristian Hofmaier2019-01-21 15:07:39 +0100
commit23b8a35fce20c1f77dac66b486a85fb27f84eded (patch)
tree219ee12405968e54d7c3082833574a9b3cdab100 /server/lib/permissions
parent[webapp/datatable] add button to filter only selected rows (diff)
Add permission functions for clients
Diffstat (limited to 'server/lib/permissions')
-rw-r--r--server/lib/permissions/permissionutil.js57
1 files changed, 56 insertions, 1 deletions
diff --git a/server/lib/permissions/permissionutil.js b/server/lib/permissions/permissionutil.js
index 790739a..fee2181 100644
--- a/server/lib/permissions/permissionutil.js
+++ b/server/lib/permissions/permissionutil.js
@@ -3,7 +3,7 @@ const path = require('path')
var db = require(path.join(__appdir, 'lib', 'sequelize'))
var groupUtil = require(path.join(__appdir, 'lib', 'grouputil'))
-module.exports = { hasPermission, getAllowedGroups, hasPermissionForGroup }
+module.exports = { hasPermission, getAllowedGroups, hasPermissionForGroup, getAllowedClients, hasPermissionForClient }
async function hasPermission (userid, permissionid) {
var user = await db.user.findOne({
@@ -81,3 +81,58 @@ async function checkParentsForIds (groupIds, listOfIds) {
})
})
}
+
+async function getAllowedClients (userid, permissionid) {
+ var user = await db.user.findOne({
+ where: { id: userid, '$roles.permissions.id$': permissionid },
+ include: [{ as: 'roles', model: db.role, include: ['permissions', { as: 'groups', model: db.group, include: ['clients'] }] }]
+ })
+ // User doesn't have the permission
+ if (user === null) return []
+ // User has permission, permission is not groupdependent
+ else if (!user.roles[0].permissions[0].groupdependent) return [0]
+ // User has permission, permission is groupdependent
+ else {
+ var permClients = []
+ for (let i = 0; i < user.roles.length; i++) {
+ if (user.roles[i].recursiveGroups) {
+ // The role is flagged recursive, so add clients of childs to result
+ var subChilds = await groupUtil.getAllChildren(user.roles[i].groups)
+ permClients = permClients.concat(subChilds.clients.map(c => c.id))
+ } else {
+ for (let j = 0; j < user.roles[i].groups.length; j++) {
+ permClients = permClients.concat(user.roles[i].groups[j].clients.map(c => c.id))
+ }
+ }
+ }
+ // Filter result for unique entries
+ return permClients.filter(function (elem, pos, arr) { return arr.indexOf(elem) === pos })
+ }
+}
+
+async function hasPermissionForClient (userid, permissionid, clientid) {
+ var user = await db.user.findOne({
+ where: { id: userid, '$roles.permissions.id$': permissionid },
+ include: [{ as: 'roles', model: db.role, include: ['permissions', { as: 'groups', model: db.group, include: ['clients'] }] }]
+ })
+ if (user === null) return false
+ else if (!user.roles[0].permissions[0].groupdependent) return true
+ else {
+ var permGrps = []
+ for (let i = 0; i < user.roles.length; i++) {
+ for (let j = 0; j < user.roles[i].groups.length; j++) {
+ var groupClients = user.roles[i].groups[j].clients.map(c => c.id)
+ if (groupClients.includes(clientid)) return true
+ }
+ if (user.roles[i].recursiveGroups) permGrps = permGrps.concat(user.roles[i].groups.map(g => g.id))
+ }
+ permGrps = permGrps.filter(function (elem, pos, arr) { return arr.indexOf(elem) === pos })
+ var client = await db.client.findOne({
+ where: { id: clientid },
+ include: [{ as: 'groups', model: db.group }]
+ })
+ var groupids = client.groups.map(g => g.id)
+ var result = await checkParentsForIds(groupids, permGrps)
+ return result
+ }
+}
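Review bot: In `hasPermissionForClient`, the result of `db.client.findOne` is dereferenced as `client.groups` with no null check, so a `clientid` that matches no row makes the authorization check throw instead of returning a decision; adding `if (client === null) return false` directly after the lookup denies unknown clients explicitly. The earlier `groupClients.includes(clientid)` compares strictly, so if callers pass the id as a string (for example straight from a request parameter, which is not visible here) while the model ids are numbers, the direct-membership path never matches and only the recursive-group path can grant access; normalising `clientid` once at the top of the function would make both paths agree. In `getAllowedClients`, the `[0]` returned for a permission that is not group dependent is a sentinel rather than a client id, and a comment such as `// [0] = permission is not restricted to specific clients` would keep callers from treating it as a real id when they filter on the result.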