authorChristian Hofmaier2019-02-04 01:03:45 +0100
committerChristian Hofmaier2019-02-04 01:03:45 +0100
commitd6e07668fb381d1c0ec8ba815b4ffab979994bc9 (patch)
tree88f31d39b95861d251e4dd50e9f5522cd79c480d /server/lib/permissions
parent[external-backeds] Add get file for the iDoIT backend (diff)
Implement Middlware for Permission Manager
Diffstat (limited to 'server/lib/permissions')
-rw-r--r--server/lib/permissions/permissions.json16
-rw-r--r--server/lib/permissions/permissionutil.js83
2 files changed, 54 insertions, 45 deletions
diff --git a/server/lib/permissions/permissions.json b/server/lib/permissions/permissions.json
index cdb9773..96c971d 100644
--- a/server/lib/permissions/permissions.json
+++ b/server/lib/permissions/permissions.json
@@ -1,17 +1,17 @@
[
{
- "name": "A",
- "descr": "Testing permission A",
- "groupdependent": true
+ "name": "permissions.saverole",
+ "descr": "For saving a role",
+ "groupdependent": false
},
{
- "name": "Very long permission name with very long description",
- "descr": "Even longer description of the very long permission with the very long name with the very long description",
+ "name": "permissions.editrole",
+ "descr": "For editing a role",
"groupdependent": false
},
{
- "name": "Short is short",
- "descr": "nanananana",
- "groupdependent": true
+ "name": "permissions.deleterole",
+ "descr": "For deleting a role",
+ "groupdependent": false
}
] \ No newline at end of file
diff --git a/server/lib/permissions/permissionutil.js b/server/lib/permissions/permissionutil.js
index fee2181..709cd29 100644
--- a/server/lib/permissions/permissionutil.js
+++ b/server/lib/permissions/permissionutil.js
@@ -3,19 +3,28 @@ const path = require('path')
var db = require(path.join(__appdir, 'lib', 'sequelize'))
var groupUtil = require(path.join(__appdir, 'lib', 'grouputil'))
-module.exports = { hasPermission, getAllowedGroups, hasPermissionForGroup, getAllowedClients, hasPermissionForClient }
+module.exports = { exportFunctions }
-async function hasPermission (userid, permissionid) {
+function exportFunctions (req, res, next) {
+ req.user.hasPermission = permissionName => hasPermission(req.user.id, permissionName)
+ req.user.getAllowedGroups = permissionName => getAllowedGroups(req.user.id, permissionName)
+ req.user.hasPermissionForGroup = (permissionName, groupId) => hasPermissionForGroup(req.user.id, permissionName, groupId)
+ req.user.getAllowedClients = permissionName => getAllowedClients(req.user.id, permissionName)
+ req.user.hasPermissionForClient = (permissionName, clientId) => hasPermissionForClient(req.user.id, permissionName, clientId)
+ next()
+}
+
+async function hasPermission (userid, permissionName) {
var user = await db.user.findOne({
- where: { id: userid, '$roles.permissions.id$': permissionid },
+ where: { id: userid, '$roles.permissions.name$': permissionName },
include: [{ as: 'roles', model: db.role, include: ['permissions'] }]
})
return user !== null
}
-async function getAllowedGroups (userid, permissionid) {
+async function getAllowedGroups (userid, permissionName) {
var user = await db.user.findOne({
- where: { id: userid, '$roles.permissions.id$': permissionid },
+ where: { id: userid, '$roles.permissions.name$': permissionName },
include: [{ as: 'roles', model: db.role, include: ['permissions', 'groups'] }]
})
// User doesn't have the permission
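Review bot: `exportFunctions` dereferences `req.user` on its first line without checking that it exists, so a request that reaches this middleware without an authenticated user (mounted before the authentication step, or on a route that lacks it) throws a TypeError inside the middleware instead of being rejected cleanly. A guard at the top, `if (!req.user) return next(new Error('exportFunctions requires req.user to be set by the authentication middleware'))`, makes the ordering dependency explicit and fails closed. The name `exportFunctions` also says nothing about what the middleware does; since it is now the module's only export, a name such as `attachPermissionHelpers` would read better at the mount site, though renaming touches every caller. `getAllowedGroups` continues past the end of the hunk.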
@@ -39,9 +48,9 @@ async function getAllowedGroups (userid, permissionid) {
}
}
-async function hasPermissionForGroup (userid, permissionid, groupid) {
+async function hasPermissionForGroup (userid, permissionName, groupId) {
var user = await db.user.findOne({
- where: { id: userid, '$roles.permissions.id$': permissionid },
+ where: { id: userid, '$roles.permissions.name$': permissionName },
include: [{ as: 'roles', model: db.role, include: ['permissions', 'groups'] }]
})
// User doesn't have permission
@@ -50,41 +59,21 @@ async function hasPermissionForGroup (userid, permissionid, groupid) {
else if (!user.roles[0].permissions[0].groupdependent) return true
// User has permission, permission is groupdependent, check for group
else {
- if (user.roles.map(r => r.groups.map(g => g.id)).includes(groupid)) return true
+ if (user.roles.map(r => r.groups.map(g => g.id)).includes(groupId)) return true
var permGrps = []
for (let i = 0; i < user.roles.length; i++) {
if (user.roles[i].recursiveGroups) permGrps = permGrps.concat(user.roles[i].groups.map(g => g.id))
}
permGrps = permGrps.filter(function (elem, pos, arr) { return arr.indexOf(elem) === pos })
// get all parents of groupId and check if any parentid is in the list of groups of RECURSIVE flagged roles.
- var result = await checkParentsForIds(groupid, permGrps)
+ var result = await checkParentsForIds(groupId, permGrps)
return result
}
}
-async function checkParentsForIds (groupIds, listOfIds) {
- if (listOfIds.length === 0) return false
- if (groupIds.length === 0) return false
-
- var parentIds = []
- return db.group.findAll({ where: { id: groupIds }, include: ['parents'] }).then(groups => {
- for (let i = 0; i < groups.length; i++) {
- for (let j = 0; j < groups[i].parents.length; j++) {
- var id = groups[i].parents[j].id
- if (listOfIds.includes(id)) return true
- if (!parentIds.includes(id)) parentIds.push(id)
- }
- }
- if (parentIds.length === 0) return false
- return checkParentsForIds(parentIds, listOfIds).then(response => {
- return response
- })
- })
-}
-
-async function getAllowedClients (userid, permissionid) {
+async function getAllowedClients (userid, permissionName) {
var user = await db.user.findOne({
- where: { id: userid, '$roles.permissions.id$': permissionid },
+ where: { id: userid, '$roles.permissions.name$': permissionName },
include: [{ as: 'roles', model: db.role, include: ['permissions', { as: 'groups', model: db.group, include: ['clients'] }] }]
})
// User doesn't have the permission
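Review bot: The direct-membership test on the renamed line `if (user.roles.map(r => r.groups.map(g => g.id)).includes(groupId)) return true` can never be true: the outer `map` yields an array of arrays, so `includes(groupId)` compares each inner array with a number and always fails. As a result a group directly assigned to one of the user's roles is only recognised when some ancestor of `groupId` is reachable through a `recursiveGroups` role, and otherwise the check denies. `if (user.roles.some(r => r.groups.some(g => g.id === groupId))) return true` expresses the intended test. The removal of `checkParentsForIds` in this hunk is a move (it reappears at the end of the file), and `getAllowedClients` runs past the end of the hunk.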
@@ -110,9 +99,9 @@ async function getAllowedClients (userid, permissionid) {
}
}
-async function hasPermissionForClient (userid, permissionid, clientid) {
+async function hasPermissionForClient (userid, permissionName, clientId) {
var user = await db.user.findOne({
- where: { id: userid, '$roles.permissions.id$': permissionid },
+ where: { id: userid, '$roles.permissions.name$': permissionName },
include: [{ as: 'roles', model: db.role, include: ['permissions', { as: 'groups', model: db.group, include: ['clients'] }] }]
})
if (user === null) return false
@@ -122,17 +111,37 @@ async function hasPermissionForClient (userid, permissionid, clientid) {
for (let i = 0; i < user.roles.length; i++) {
for (let j = 0; j < user.roles[i].groups.length; j++) {
var groupClients = user.roles[i].groups[j].clients.map(c => c.id)
- if (groupClients.includes(clientid)) return true
+ if (groupClients.includes(clientId)) return true
}
if (user.roles[i].recursiveGroups) permGrps = permGrps.concat(user.roles[i].groups.map(g => g.id))
}
permGrps = permGrps.filter(function (elem, pos, arr) { return arr.indexOf(elem) === pos })
var client = await db.client.findOne({
- where: { id: clientid },
+ where: { id: clientId },
include: [{ as: 'groups', model: db.group }]
})
- var groupids = client.groups.map(g => g.id)
- var result = await checkParentsForIds(groupids, permGrps)
+ var groupIds = client.groups.map(g => g.id)
+ var result = await checkParentsForIds(groupIds, permGrps)
return result
}
}
+
+async function checkParentsForIds (groupIds, listOfIds) {
+ if (listOfIds.length === 0) return false
+ if (groupIds.length === 0) return false
+
+ var parentIds = []
+ return db.group.findAll({ where: { id: groupIds }, include: ['parents'] }).then(groups => {
+ for (let i = 0; i < groups.length; i++) {
+ for (let j = 0; j < groups[i].parents.length; j++) {
+ var id = groups[i].parents[j].id
+ if (listOfIds.includes(id)) return true
+ if (!parentIds.includes(id)) parentIds.push(id)
+ }
+ }
+ if (parentIds.length === 0) return false
+ return checkParentsForIds(parentIds, listOfIds).then(response => {
+ return response
+ })
+ })
+} \ No newline at end of file
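Review bot: In `hasPermissionForClient`, `client.groups.map(g => g.id)` on the renamed line runs without checking the result of `db.client.findOne`, so an unknown `clientId` yields `null` and the function rejects with a TypeError rather than returning `false`; `if (client === null) return false` directly after the `findOne` keeps the check fail-closed without surfacing as a server error. In the re-added `checkParentsForIds`, the `parentIds` list is local to each call, so if the group parent relation can contain a cycle the recursion never terminates; carrying a visited set through the recursive call would bound it, assuming the schema does not already forbid cycles. The `.then(response => { return response })` wrapper on the recursive call is a no-op and can be dropped. `hasPermissionForClient` begins before the start of the hunk.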