Move custom rbac from controller to routes

This commit is contained in:
Mel O'Hagan 2022-11-30 09:29:56 +00:00
parent 0e0157c888
commit 6fe2c38bce
3 changed files with 17 additions and 33 deletions

View File

@ -23,12 +23,6 @@ const MAX_USERS_UPLOAD_LIMIT = 1000
export const save = async (ctx: any) => {
try {
const body = ctx.request.body
const isCreate = !body._id
const isAdmin = !!ctx.user.admin?.global
if (isCreate && !isAdmin) {
ctx.throw(403, "Only admin user can create new user.")
}
ctx.body = await sdk.users.save(ctx.request.body)
} catch (err: any) {
ctx.throw(err.status || 400, err)

View File

@ -40,6 +40,14 @@ function buildInviteMultipleValidation() {
))
}
const createUserAdminOnly = (ctx, next) => {
if (!ctx.request.body._id) {
return adminOnly(ctx, next)
} else {
return builderOrAdmin(ctx, next)
}
}
function buildInviteAcceptValidation() {
// prettier-ignore
return joiValidator.body(Joi.object({
@ -51,7 +59,7 @@ function buildInviteAcceptValidation() {
router
.post(
"/api/global/users",
builderOrAdmin,
createUserAdminOnly,
users.buildUserSaveValidation(),
controller.save
)

View File

@ -72,29 +72,12 @@ class TestConfiguration {
// UTILS
async _req(
config: any,
params: any,
controlFunc: any,
opts: { force?: boolean } = {}
) {
async _req(config: any, params: any, controlFunc: any) {
const request: any = {}
// fake cookies, we don't need them
request.cookies = { set: () => {}, get: () => {} }
request.config = { jwtSecret: env.JWT_SECRET }
if (opts.force) {
request.user = {
tenantId: this.getTenantId(),
admin: { global: true },
builder: { global: true },
}
} else if (this.defaultUser) {
request.user = this.defaultUser
} else {
request.user = {
tenantId: this.getTenantId(),
}
}
request.user = { tenantId: this.getTenantId() }
request.query = {}
request.request = {
body: config,
@ -146,7 +129,7 @@ class TestConfiguration {
email: "test@test.com",
password: "test",
})
this.defaultUser = await this.createUser(user, { force: true })
this.defaultUser = await this.createUser(user)
}
async createTenant1User() {
@ -154,16 +137,15 @@ class TestConfiguration {
email: "tenant1@test.com",
password: "test",
})
this.tenant1User = await this.createUser(user, { force: true })
this.tenant1User = await this.createUser(user)
}
async createSession(user: User) {
const session: any = {
await sessions.createASession(user._id!, {
sessionId: "sessionid",
tenantId: user.tenantId,
csrfToken: CSRF_TOKEN,
}
await sessions.createASession(user._id!, session)
})
}
cookieHeader(cookies: any) {
@ -203,11 +185,11 @@ class TestConfiguration {
})
}
async createUser(user?: User, opts: any = {}) {
async createUser(user?: User) {
if (!user) {
user = structures.users.user()
}
const response = await this._req(user, null, controllers.users.save, opts)
const response = await this._req(user, null, controllers.users.save)
const body = response as CreateUserResponse
return this.getUser(body.email)
}