Updating to allow a list of roles to be retrieved, allowing resources to have multiple levels of role that they can be accessed via.

mike12345567 2021-11-15 15:26:09 +00:00
parent 4268ad6f80
commit e0f04abfb1
2 changed files with 12 additions and 8 deletions


@ -231,7 +231,8 @@ exports.getRequiredResourceRole = async (
{ resourceId, subResourceId } { resourceId, subResourceId }
) => { ) => {
const roles = await exports.getAllRoles(appId) const roles = await exports.getAllRoles(appId)
let main, sub let main = [],
sub = []
for (let role of roles) { for (let role of roles) {
// no permissions, ignore it // no permissions, ignore it
if (!role.permissions) { if (!role.permissions) {
@ -240,12 +241,13 @@ exports.getRequiredResourceRole = async (
const mainRes = role.permissions[resourceId] const mainRes = role.permissions[resourceId]
const subRes = role.permissions[subResourceId] const subRes = role.permissions[subResourceId]
if (mainRes && mainRes.indexOf(permLevel) !== -1) { if (mainRes && mainRes.indexOf(permLevel) !== -1) {
main = role main.push(role._id)
} else if (subRes && subRes.indexOf(permLevel) !== -1) { } else if (subRes && subRes.indexOf(permLevel) !== -1) {
sub = role sub.push(role._id)
} }
} }
return sub ? sub : main // for now just return the IDs
return main.concat(sub)
} }
class AccessController { class AccessController {
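Review bot: Returning `main.concat(sub)` drops the precedence that the old `return sub ? sub : main` gave to a sub-resource match, so a role that grants `permLevel` only on `resourceId` now counts as sufficient even when a different role was matched specifically on `subResourceId`. If sub-resource permissions are meant to be stricter than those of the parent resource, this widens access. If the union is intended, a comment at the return should say so, e.g. `// any role matching the resource or the sub-resource is sufficient`. The function now returns an array of role IDs instead of a role document, so the name `getRequiredResourceRole` is misleading and any callers outside this commit that read `._id` from the result need checking. The function's signature begins above the first hunk.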


@ -46,13 +46,15 @@ module.exports =
idOnly: false, idOnly: false,
}) })
const permError = "User does not have permission" const permError = "User does not have permission"
let requiredRole let possibleRoleIds = []
if (hasResource(ctx)) { if (hasResource(ctx)) {
requiredRole = await getRequiredResourceRole(ctx.appId, permLevel, ctx) possibleRoleIds = await getRequiredResourceRole(ctx.appId, permLevel, ctx)
} }
// check if we found a role, if not fallback to base permissions // check if we found a role, if not fallback to base permissions
if (requiredRole) { if (possibleRoleIds.length > 0) {
const found = hierarchy.find(role => role._id === requiredRole._id) const found = hierarchy.find(
role => possibleRoleIds.indexOf(role._id) !== -1
)
return found ? next() : ctx.throw(403, permError) return found ? next() : ctx.throw(403, permError)
} else if (!doesHaveBasePermission(permType, permLevel, hierarchy)) { } else if (!doesHaveBasePermission(permType, permLevel, hierarchy)) {
ctx.throw(403, permError) ctx.throw(403, permError)
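Review bot: The `hierarchy.find(...)` result in the resource check is used only for its truthiness, and the comment above it still describes a single role. `const found = hierarchy.some(role => possibleRoleIds.includes(role._id))` states the any-of test directly, and the comment could read `// if any roles grant this resource the user needs one of them; with none, fall back to base permissions`. An empty list covers both a request with no resource and a resource for which no role grants `permLevel`, and both reach the base-permission check. That matches the old behaviour, but it is worth confirming that the second case is intended. The middleware body starts and ends outside the hunk.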