Updating to allow a list of roles to be retrieved, allowing resources to have multiple levels of role that they can be accessed via.
This commit is contained in:
parent
e918efe8c2
commit
bf4a8737f0
|
@ -231,7 +231,8 @@ exports.getRequiredResourceRole = async (
|
|||
{ resourceId, subResourceId }
|
||||
) => {
|
||||
const roles = await exports.getAllRoles(appId)
|
||||
let main, sub
|
||||
let main = [],
|
||||
sub = []
|
||||
for (let role of roles) {
|
||||
// no permissions, ignore it
|
||||
if (!role.permissions) {
|
||||
|
@ -240,12 +241,13 @@ exports.getRequiredResourceRole = async (
|
|||
const mainRes = role.permissions[resourceId]
|
||||
const subRes = role.permissions[subResourceId]
|
||||
if (mainRes && mainRes.indexOf(permLevel) !== -1) {
|
||||
main = role
|
||||
main.push(role._id)
|
||||
} else if (subRes && subRes.indexOf(permLevel) !== -1) {
|
||||
sub = role
|
||||
sub.push(role._id)
|
||||
}
|
||||
}
|
||||
return sub ? sub : main
|
||||
// for now just return the IDs
|
||||
return main.concat(sub)
|
||||
}
|
||||
|
||||
class AccessController {
|
||||
|
|
|
@ -46,13 +46,15 @@ module.exports =
|
|||
idOnly: false,
|
||||
})
|
||||
const permError = "User does not have permission"
|
||||
let requiredRole
|
||||
let possibleRoleIds = []
|
||||
if (hasResource(ctx)) {
|
||||
requiredRole = await getRequiredResourceRole(ctx.appId, permLevel, ctx)
|
||||
possibleRoleIds = await getRequiredResourceRole(ctx.appId, permLevel, ctx)
|
||||
}
|
||||
// check if we found a role, if not fallback to base permissions
|
||||
if (requiredRole) {
|
||||
const found = hierarchy.find(role => role._id === requiredRole._id)
|
||||
if (possibleRoleIds.length > 0) {
|
||||
const found = hierarchy.find(
|
||||
role => possibleRoleIds.indexOf(role._id) !== -1
|
||||
)
|
||||
return found ? next() : ctx.throw(403, permError)
|
||||
} else if (!doesHaveBasePermission(permType, permLevel, hierarchy)) {
|
||||
ctx.throw(403, permError)
|
||||
|
|
Loading…
Reference in New Issue