From d6e07668fb381d1c0ec8ba815b4ffab979994bc9 Mon Sep 17 00:00:00 2001
From: Christian Hofmaier
Date: Mon, 4 Feb 2019 00:03:45 +0000
Subject: Implement Middlware for Permission Manager

---
 server/lib/permissions/permissions.json  | 16 +++---
 server/lib/permissions/permissionutil.js | 83 ++++++++++++++++++--------------
 2 files changed, 54 insertions(+), 45 deletions(-)

(limited to 'server/lib/permissions')

diff --git a/server/lib/permissions/permissions.json b/server/lib/permissions/permissions.json
index cdb9773..96c971d 100644
--- a/server/lib/permissions/permissions.json
+++ b/server/lib/permissions/permissions.json
@@ -1,17 +1,17 @@
 [
   {
-    "name": "A",
-    "descr": "Testing permission A",
-    "groupdependent": true
+    "name": "permissions.saverole",
+    "descr": "For saving a role",
+    "groupdependent": false
   },
   {
-    "name": "Very long permission name with very long description",
-    "descr": "Even longer description of the very long permission with the very long name with the very long description",
+    "name": "permissions.editrole",
+    "descr": "For editing a role",
     "groupdependent": false
   },
   {
-    "name": "Short is short",
-    "descr": "nanananana",
-    "groupdependent": true
+    "name": "permissions.deleterole",
+    "descr": "For deleting a role",
+    "groupdependent": false
   }
 ]
\ No newline at end of file
diff --git a/server/lib/permissions/permissionutil.js b/server/lib/permissions/permissionutil.js
index fee2181..709cd29 100644
--- a/server/lib/permissions/permissionutil.js
+++ b/server/lib/permissions/permissionutil.js
@@ -3,19 +3,28 @@ const path = require('path')
 var db = require(path.join(__appdir, 'lib', 'sequelize'))
 var groupUtil = require(path.join(__appdir, 'lib', 'grouputil'))
 
-module.exports = { hasPermission, getAllowedGroups, hasPermissionForGroup, getAllowedClients, hasPermissionForClient }
+module.exports = { exportFunctions }
 
-async function hasPermission (userid, permissionid) {
+function exportFunctions (req, res, next) {
+  req.user.hasPermission = permissionName => hasPermission(req.user.id, permissionName)
+  req.user.getAllowedGroups = permissionName => getAllowedGroups(req.user.id, permissionName)
+  req.user.hasPermissionForGroup = (permissionName, groupId) => hasPermissionForGroup(req.user.id, permissionName, groupId)
+  req.user.getAllowedClients = permissionName => getAllowedClients(req.user.id, permissionName)
+  req.user.hasPermissionForClient = (permissionName, clientId) => hasPermissionForClient(req.user.id, permissionName, clientId)
+  next()
+}
+
+async function hasPermission (userid, permissionName) {
   var user = await db.user.findOne({
-    where: { id: userid, '$roles.permissions.id$': permissionid },
+    where: { id: userid, '$roles.permissions.name$': permissionName },
     include: [{ as: 'roles', model: db.role, include: ['permissions'] }]
   })
   return user !== null
 }
 
-async function getAllowedGroups (userid, permissionid) {
+async function getAllowedGroups (userid, permissionName) {
   var user = await db.user.findOne({
-    where: { id: userid, '$roles.permissions.id$': permissionid },
+    where: { id: userid, '$roles.permissions.name$': permissionName },
     include: [{ as: 'roles', model: db.role, include: ['permissions', 'groups'] }]
   })
   // User doesn't have the permission
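Review bot: `exportFunctions` assigns onto `req.user` without checking that it is set, so if this middleware is mounted anywhere an unauthenticated request can reach, the first assignment throws a TypeError in the middleware rather than letting the route produce a clean rejection; add `if (!req.user) return next()` (or an explicit error) ahead of the assignments, whichever the surrounding app expects. The name `exportFunctions` does not say what the middleware does — something like `attachPermissionHelpers` would make the mounting site readable — and `res` is unused. Each attached helper reads `req.user.id` at call time and issues a `db.user.findOne` per invocation, which is worth stating in a JSDoc block on the middleware so route authors do not assume the result is cached. Since the module now exports only the middleware, any other file that still imports `hasPermission` or its siblings from this module would break, which I cannot verify from this hunk.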
@@ -39,9 +48,9 @@ async function getAllowedGroups (userid, permissionid) {
   }
 }
 
-async function hasPermissionForGroup (userid, permissionid, groupid) {
+async function hasPermissionForGroup (userid, permissionName, groupId) {
   var user = await db.user.findOne({
-    where: { id: userid, '$roles.permissions.id$': permissionid },
+    where: { id: userid, '$roles.permissions.name$': permissionName },
     include: [{ as: 'roles', model: db.role, include: ['permissions', 'groups'] }]
   })
   // User doesn't have permission
@@ -50,41 +59,21 @@ async function hasPermissionForGroup (userid, permissionid, groupid) {
   else if (!user.roles[0].permissions[0].groupdependent) return true
   // User has permission, permission is groupdependent, check for group
   else {
-    if (user.roles.map(r => r.groups.map(g => g.id)).includes(groupid)) return true
+    if (user.roles.map(r => r.groups.map(g => g.id)).includes(groupId)) return true
     var permGrps = []
     for (let i = 0; i < user.roles.length; i++) {
       if (user.roles[i].recursiveGroups) permGrps = permGrps.concat(user.roles[i].groups.map(g => g.id))
     }
     permGrps = permGrps.filter(function (elem, pos, arr) { return arr.indexOf(elem) === pos })
     // get all parents of groupId and check if any parentid is in the list of groups of RECURSIVE flagged roles.
-    var result = await checkParentsForIds(groupid, permGrps)
+    var result = await checkParentsForIds(groupId, permGrps)
     return result
   }
 }
 
-async function checkParentsForIds (groupIds, listOfIds) {
-  if (listOfIds.length === 0) return false
-  if (groupIds.length === 0) return false
-
-  var parentIds = []
-  return db.group.findAll({ where: { id: groupIds }, include: ['parents'] }).then(groups => {
-    for (let i = 0; i < groups.length; i++) {
-      for (let j = 0; j < groups[i].parents.length; j++) {
-        var id = groups[i].parents[j].id
-        if (listOfIds.includes(id)) return true
-        if (!parentIds.includes(id)) parentIds.push(id)
-      }
-    }
-    if (parentIds.length === 0) return false
-    return checkParentsForIds(parentIds, listOfIds).then(response => {
-      return response
-    })
-  })
-}
-
-async function getAllowedClients (userid, permissionid) {
+async function getAllowedClients (userid, permissionName) {
   var user = await db.user.findOne({
-    where: { id: userid, '$roles.permissions.id$': permissionid },
+    where: { id: userid, '$roles.permissions.name$': permissionName },
     include: [{ as: 'roles', model: db.role, include: ['permissions', { as: 'groups', model: db.group, include: ['clients'] }] }]
   })
   // User doesn't have the permission
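Review bot: The direct-membership check `user.roles.map(r => r.groups.map(g => g.id)).includes(groupId)` can never be true, because the outer `map` yields an array of arrays and `includes` compares the scalar `groupId` against those inner arrays by reference. The effect is fail-closed but wrong: a user whose role is attached directly to `groupId` without `recursiveGroups` is denied, since only recursive roles' groups reach `permGrps` and `checkParentsForIds` inspects parents, not `groupId` itself. Replace the line with `if (user.roles.some(r => r.groups.some(g => g.id === groupId))) return true`. The same shape of check appears in hasPermissionForClient further down, where `groupClients.includes(clientId)` is applied to a flat array and is correct, so only this line needs the change; the enclosing `hasPermissionForGroup` starts above this hunk.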
@@ -110,9 +99,9 @@ async function getAllowedClients (userid, permissionid) {
   }
 }
 
-async function hasPermissionForClient (userid, permissionid, clientid) {
+async function hasPermissionForClient (userid, permissionName, clientId) {
   var user = await db.user.findOne({
-    where: { id: userid, '$roles.permissions.id$': permissionid },
+    where: { id: userid, '$roles.permissions.name$': permissionName },
     include: [{ as: 'roles', model: db.role, include: ['permissions', { as: 'groups', model: db.group, include: ['clients'] }] }]
   })
   if (user === null) return false
@@ -122,17 +111,37 @@ async function hasPermissionForClient (userid, permissionid, clientid) {
     for (let i = 0; i < user.roles.length; i++) {
       for (let j = 0; j < user.roles[i].groups.length; j++) {
         var groupClients = user.roles[i].groups[j].clients.map(c => c.id)
-        if (groupClients.includes(clientid)) return true
+        if (groupClients.includes(clientId)) return true
       }
       if (user.roles[i].recursiveGroups) permGrps = permGrps.concat(user.roles[i].groups.map(g => g.id))
     }
     permGrps = permGrps.filter(function (elem, pos, arr) { return arr.indexOf(elem) === pos })
     var client = await db.client.findOne({
-      where: { id: clientid },
+      where: { id: clientId },
       include: [{ as: 'groups', model: db.group }]
     })
-    var groupids = client.groups.map(g => g.id)
-    var result = await checkParentsForIds(groupids, permGrps)
+    var groupIds = client.groups.map(g => g.id)
+    var result = await checkParentsForIds(groupIds, permGrps)
     return result
   }
 }
+
+async function checkParentsForIds (groupIds, listOfIds) {
+  if (listOfIds.length === 0) return false
+  if (groupIds.length === 0) return false
+
+  var parentIds = []
+  return db.group.findAll({ where: { id: groupIds }, include: ['parents'] }).then(groups => {
+    for (let i = 0; i < groups.length; i++) {
+      for (let j = 0; j < groups[i].parents.length; j++) {
+        var id = groups[i].parents[j].id
+        if (listOfIds.includes(id)) return true
+        if (!parentIds.includes(id)) parentIds.push(id)
+      }
+    }
+    if (parentIds.length === 0) return false
+    return checkParentsForIds(parentIds, listOfIds).then(response => {
+      return response
+    })
+  })
+}
\ No newline at end of file
-- 
cgit v1.2.3-55-g7522
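Review bot: `var groupIds = client.groups.map(g => g.id)` dereferences the result of `db.client.findOne` without a null check, so a `clientId` that matches no row turns a permission query into a TypeError from the authorization path instead of a denial; insert `if (client === null) return false` immediately after the `findOne` call. In the relocated `checkParentsForIds`, the recursion terminates only when a level yields no new parents, so if the group/parent relation can contain a cycle (I cannot tell from this hunk whether the schema forbids it) the function would re-query the same ids indefinitely; carrying a visited set across the recursive calls and skipping ids already seen would bound it, and deserves a JSDoc line stating that `listOfIds` is the set of recursively-granted group ids and `groupIds` the ids whose ancestors are walked. The trailing `.then(response => { return response })` is a no-op and can be dropped so the recursive call is returned directly.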