Move custom rbac from controller to routes
parent
0e0157c888
commit
6fe2c38bce
|
@ -23,12 +23,6 @@ const MAX_USERS_UPLOAD_LIMIT = 1000
|
|||
|
||||
export const save = async (ctx: any) => {
|
||||
try {
|
||||
const body = ctx.request.body
|
||||
const isCreate = !body._id
|
||||
const isAdmin = !!ctx.user.admin?.global
|
||||
if (isCreate && !isAdmin) {
|
||||
ctx.throw(403, "Only admin user can create new user.")
|
||||
}
|
||||
ctx.body = await sdk.users.save(ctx.request.body)
|
||||
} catch (err: any) {
|
||||
ctx.throw(err.status || 400, err)
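Review bot: With the `isCreate`/`isAdmin` check gone, `save` no longer enforces any authorization on its own, so the admin-only-create guarantee now exists only where a route wires `createUserAdminOnly` in front of this handler; an exported controller is easy to call from another route or helper without that middleware (the test harness in this same commit does exactly that). I would state the dependency at the top of the function: `// Authorization is enforced by route middleware (createUserAdminOnly); never mount this handler without it.`. Note also that the handler forwards `ctx.request.body` to `sdk.users.save` verbatim, so the `_id` the middleware branches on is the same client-supplied field the SDK receives. The closing brace of `save` lies outside this hunk.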
|
||||
|
|
|
@ -40,6 +40,14 @@ function buildInviteMultipleValidation() {
|
|||
))
|
||||
}
|
||||
|
||||
const createUserAdminOnly = (ctx, next) => {
|
||||
if (!ctx.request.body._id) {
|
||||
return adminOnly(ctx, next)
|
||||
} else {
|
||||
return builderOrAdmin(ctx, next)
|
||||
}
|
||||
}
|
||||
|
||||
function buildInviteAcceptValidation() {
|
||||
// prettier-ignore
|
||||
return joiValidator.body(Joi.object({
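Review bot: `createUserAdminOnly` decides between `adminOnly` and `builderOrAdmin` purely on whether the client sent a truthy `_id`, which is attacker-controlled: a builder who supplies a fabricated `_id` takes the weaker `builderOrAdmin` branch, and whether that ends up creating a user depends on how `sdk.users.save` treats an unknown `_id` (not visible here; worth confirming it rejects rather than upserts). If the SDK does upsert, the check should be based on whether the record actually exists, e.g. by looking the user up in the middleware, rather than on the presence of the field. The parameters are also untyped (`(ctx, next)`), which would be implicit `any` if this routes file is TypeScript; `(ctx: any, next: any)` or the framework's context type would match the controller. A one-line comment on the helper, `// create (no _id) is admin-only; update falls back to builderOrAdmin`, would make the intent explicit.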
|
||||
|
@ -51,7 +59,7 @@ function buildInviteAcceptValidation() {
|
|||
router
|
||||
.post(
|
||||
"/api/global/users",
|
||||
builderOrAdmin,
|
||||
createUserAdminOnly,
|
||||
users.buildUserSaveValidation(),
|
||||
controller.save
|
||||
)
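Review bot: The new `createUserAdminOnly` runs before `users.buildUserSaveValidation()`, so the authorization branch is taken on the raw, unvalidated body; whatever the Joi schema later constrains `_id` to, the middleware has already used the unconstrained value. If the intent is that only a well-formed `_id` selects the update path, either run the validator first (`users.buildUserSaveValidation(), createUserAdminOnly, controller.save`) or have the middleware check `typeof ctx.request.body._id === "string"` rather than mere truthiness. The surrounding `router` chain continues past the hunk, so I cannot see whether a body parser is guaranteed to have run before this route.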
|
||||
|
|
|
@ -72,29 +72,12 @@ class TestConfiguration {
|
|||
|
||||
// UTILS
|
||||
|
||||
async _req(
|
||||
config: any,
|
||||
params: any,
|
||||
controlFunc: any,
|
||||
opts: { force?: boolean } = {}
|
||||
) {
|
||||
async _req(config: any, params: any, controlFunc: any) {
|
||||
const request: any = {}
|
||||
// fake cookies, we don't need them
|
||||
request.cookies = { set: () => {}, get: () => {} }
|
||||
request.config = { jwtSecret: env.JWT_SECRET }
|
||||
if (opts.force) {
|
||||
request.user = {
|
||||
tenantId: this.getTenantId(),
|
||||
admin: { global: true },
|
||||
builder: { global: true },
|
||||
}
|
||||
} else if (this.defaultUser) {
|
||||
request.user = this.defaultUser
|
||||
} else {
|
||||
request.user = {
|
||||
tenantId: this.getTenantId(),
|
||||
}
|
||||
}
|
||||
request.user = { tenantId: this.getTenantId() }
|
||||
request.query = {}
|
||||
request.request = {
|
||||
body: config,
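Review bot: `_req` now always invokes the controller with a bare `{ tenantId }` user, which only works because the admin check was deleted from the controller, so the fixture calls `controllers.users.save` directly and never passes through `createUserAdminOnly`; the authorization that this commit moved to the routes layer is therefore not exercised by any test that goes through this helper. I would add a comment above `request.user = { tenantId: this.getTenantId() }`, e.g. `// no roles: route-level rbac is bypassed here, cover it with an HTTP-level test`, and add at least one request through the router asserting that a non-admin POST without `_id` gets 403. The dropped `force` option also removes the only way the fixture could simulate an admin, which is fine for the controller but limits future route tests. The enclosing `_req` method continues past the hunk.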
|
||||
|
@ -146,7 +129,7 @@ class TestConfiguration {
|
|||
email: "test@test.com",
|
||||
password: "test",
|
||||
})
|
||||
this.defaultUser = await this.createUser(user, { force: true })
|
||||
this.defaultUser = await this.createUser(user)
|
||||
}
|
||||
|
||||
async createTenant1User() {
|
||||
|
@ -154,16 +137,15 @@ class TestConfiguration {
|
|||
email: "tenant1@test.com",
|
||||
password: "test",
|
||||
})
|
||||
this.tenant1User = await this.createUser(user, { force: true })
|
||||
this.tenant1User = await this.createUser(user)
|
||||
}
|
||||
|
||||
async createSession(user: User) {
|
||||
const session: any = {
|
||||
await sessions.createASession(user._id!, {
|
||||
sessionId: "sessionid",
|
||||
tenantId: user.tenantId,
|
||||
csrfToken: CSRF_TOKEN,
|
||||
}
|
||||
await sessions.createASession(user._id!, session)
|
||||
})
|
||||
}
|
||||
|
||||
cookieHeader(cookies: any) {
|
||||
|
@ -203,11 +185,11 @@ class TestConfiguration {
|
|||
})
|
||||
}
|
||||
|
||||
async createUser(user?: User, opts: any = {}) {
|
||||
async createUser(user?: User) {
|
||||
if (!user) {
|
||||
user = structures.users.user()
|
||||
}
|
||||
const response = await this._req(user, null, controllers.users.save, opts)
|
||||
const response = await this._req(user, null, controllers.users.save)
|
||||
const body = response as CreateUserResponse
|
||||
return this.getUser(body.email)
|
||||
}
|
||||
|
|