Updating to allow a list of roles to be retrieved, allowing resources to have multiple levels of role that they can be accessed via.

mike12345567 2021-11-15 15:26:09 +00:00
parent e918efe8c2
commit bf4a8737f0
2 changed files with 12 additions and 8 deletions


@ -231,7 +231,8 @@ exports.getRequiredResourceRole = async (
{ resourceId, subResourceId }
) => {
const roles = await exports.getAllRoles(appId)
let main, sub
let main = [],
sub = []
for (let role of roles) {
// no permissions, ignore it
if (!role.permissions) {
@ -240,12 +241,13 @@ exports.getRequiredResourceRole = async (
const mainRes = role.permissions[resourceId]
const subRes = role.permissions[subResourceId]
if (mainRes && mainRes.indexOf(permLevel) !== -1) {
main = role
main.push(role._id)
} else if (subRes && subRes.indexOf(permLevel) !== -1) {
sub = role
sub.push(role._id)
}
}
return sub ? sub : main
// for now just return the IDs
return main.concat(sub)
}
class AccessController {
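Review bot: Returning `main.concat(sub)` drops the precedence that the old `return sub ? sub : main` gave to a sub-resource match, so a role holding `permLevel` only on `resourceId` is now returned alongside roles configured specifically for `subResourceId`. If callers treat the list as any-of, as the middleware changed in this commit appears to, a stricter sub-resource role can be satisfied by the broader main-resource role. If that widening is not intended, `return sub.length > 0 ? sub : main` would keep the old precedence; otherwise a comment stating that the union is deliberate would help. The function now returns an array of role IDs rather than a role object while still being named `getRequiredResourceRole`, so a JSDoc `@returns` line describing the ID list is worth adding for other callers, which are not visible here. The function's signature begins above the first hunk.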


@ -46,13 +46,15 @@ module.exports =
idOnly: false,
})
const permError = "User does not have permission"
let requiredRole
let possibleRoleIds = []
if (hasResource(ctx)) {
requiredRole = await getRequiredResourceRole(ctx.appId, permLevel, ctx)
possibleRoleIds = await getRequiredResourceRole(ctx.appId, permLevel, ctx)
}
// check if we found a role, if not fallback to base permissions
if (requiredRole) {
const found = hierarchy.find(role => role._id === requiredRole._id)
if (possibleRoleIds.length > 0) {
const found = hierarchy.find(
role => possibleRoleIds.indexOf(role._id) !== -1
)
return found ? next() : ctx.throw(403, permError)
} else if (!doesHaveBasePermission(permType, permLevel, hierarchy)) {
ctx.throw(403, permError)
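Review bot: The new test `hierarchy.find(role => possibleRoleIds.indexOf(role._id) !== -1)` grants access when the user's hierarchy contains any one of the returned IDs, but the comment above it still reads as if a single required role had been found. Since this line decides between `next()` and the 403, a comment such as `// access is granted if any one of the possible roles is in the user's hierarchy` would make the any-of semantics explicit. As a style point, `hierarchy.some(role => possibleRoleIds.includes(role._id))` expresses the same check as a boolean without the intermediate `found` object. The enclosing middleware function begins and ends outside the hunk.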