Updating to allow a list of roles to be retrieved, allowing resources to have multiple levels of role that they can be accessed via.
parent
e918efe8c2
commit
bf4a8737f0
|
@ -231,7 +231,8 @@ exports.getRequiredResourceRole = async (
|
||||||
{ resourceId, subResourceId }
|
{ resourceId, subResourceId }
|
||||||
) => {
|
) => {
|
||||||
const roles = await exports.getAllRoles(appId)
|
const roles = await exports.getAllRoles(appId)
|
||||||
let main, sub
|
let main = [],
|
||||||
|
sub = []
|
||||||
for (let role of roles) {
|
for (let role of roles) {
|
||||||
// no permissions, ignore it
|
// no permissions, ignore it
|
||||||
if (!role.permissions) {
|
if (!role.permissions) {
|
||||||
|
@ -240,12 +241,13 @@ exports.getRequiredResourceRole = async (
|
||||||
const mainRes = role.permissions[resourceId]
|
const mainRes = role.permissions[resourceId]
|
||||||
const subRes = role.permissions[subResourceId]
|
const subRes = role.permissions[subResourceId]
|
||||||
if (mainRes && mainRes.indexOf(permLevel) !== -1) {
|
if (mainRes && mainRes.indexOf(permLevel) !== -1) {
|
||||||
main = role
|
main.push(role._id)
|
||||||
} else if (subRes && subRes.indexOf(permLevel) !== -1) {
|
} else if (subRes && subRes.indexOf(permLevel) !== -1) {
|
||||||
sub = role
|
sub.push(role._id)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return sub ? sub : main
|
// for now just return the IDs
|
||||||
|
return main.concat(sub)
|
||||||
}
|
}
|
||||||
|
|
||||||
class AccessController {
|
class AccessController {
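Review bot: The new `return main.concat(sub)` drops the precedence that the old `return sub ? sub : main` gave to a sub-resource match, so the caller now receives the union of roles holding `permLevel` on either `resourceId` or `subResourceId`. If the caller accepts any ID in that list, a role granted only on the parent resource would also satisfy a request for a sub-resource assigned to a different role, which widens access compared with the previous behaviour. If sub-resource permissions are meant to override the parent, keep the precedence with `return sub.length > 0 ? sub : main`; if the union is intended, replace `// for now just return the IDs` with a comment that says so, e.g. `// a role granted on either the resource or the sub-resource is sufficient`. The function starts before the first hunk of this section, so any earlier return paths are not visible here.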
|
||||||
|
|
|
@ -46,13 +46,15 @@ module.exports =
|
||||||
idOnly: false,
|
idOnly: false,
|
||||||
})
|
})
|
||||||
const permError = "User does not have permission"
|
const permError = "User does not have permission"
|
||||||
let requiredRole
|
let possibleRoleIds = []
|
||||||
if (hasResource(ctx)) {
|
if (hasResource(ctx)) {
|
||||||
requiredRole = await getRequiredResourceRole(ctx.appId, permLevel, ctx)
|
possibleRoleIds = await getRequiredResourceRole(ctx.appId, permLevel, ctx)
|
||||||
}
|
}
|
||||||
// check if we found a role, if not fallback to base permissions
|
// check if we found a role, if not fallback to base permissions
|
||||||
if (requiredRole) {
|
if (possibleRoleIds.length > 0) {
|
||||||
const found = hierarchy.find(role => role._id === requiredRole._id)
|
const found = hierarchy.find(
|
||||||
|
role => possibleRoleIds.indexOf(role._id) !== -1
|
||||||
|
)
|
||||||
return found ? next() : ctx.throw(403, permError)
|
return found ? next() : ctx.throw(403, permError)
|
||||||
} else if (!doesHaveBasePermission(permType, permLevel, hierarchy)) {
|
} else if (!doesHaveBasePermission(permType, permLevel, hierarchy)) {
|
||||||
ctx.throw(403, permError)
|
ctx.throw(403, permError)
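Review bot: The context comment `// check if we found a role, if not fallback to base permissions` is stale now that the check is an any-of match against `possibleRoleIds`; something like `// if any role is granted this resource explicitly, the user must hold one of them; otherwise fall back to base permissions` would state the authorization rule that is actually enforced. Since only existence matters, `const found = hierarchy.some(role => possibleRoleIds.includes(role._id))` reads more directly than `find` with `indexOf(...) !== -1`. A test that a user whose hierarchy contains none of the listed IDs receives the 403 would pin the new behaviour. The middleware body starts and ends outside this hunk.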
|
||||||
|
|