import projectAcl from '../../utils/projectAcl';
import { NextFunction, Request, Response } from 'express';
import catchError, { NcError } from './catchError';
import extractProjectIdAndAuthenticate from './extractProjectIdAndAuthenticate';
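/** Roles as stored on the session user: role name -> truthy when granted. */
type RoleMap = Record<string, unknown>;

/** Own-property check, so inherited keys such as `constructor` never look like ACL entries. */
function hasOwnKey(obj: object, key: string): boolean {
  return Object.prototype.hasOwnProperty.call(obj, key);
}

/**
 * Returns true when at least one granted role in `roles` carries
 * `permissionName` in `projectAcl` (or is mapped to the wildcard `'*'`).
 *
 * Only own properties of `projectAcl` are consulted: a role name that happens
 * to match a prototype property (`constructor`, `toString`, ...) must not be
 * treated as an ACL entry, otherwise `projectAcl[name][permissionName]` could
 * resolve to a truthy inherited value.
 *
 * @param roles - role map from the session user, may be missing
 * @param permissionName - the permission the route requires
 */
function isPermittedByRoles(
  roles: RoleMap | null | undefined,
  permissionName: string
): boolean {
  if (!roles) return false;
  return Object.entries(roles).some(([roleName, granted]) => {
    if (!granted || !hasOwnKey(projectAcl, roleName)) return false;
    const acl = projectAcl[roleName];
    return acl === '*' || Boolean(acl && acl[permissionName]);
  });
}

/**
 * Builds the middleware chain for a meta API route:
 * authenticate + extract project id, reject anonymous sessions (401),
 * check the session roles against `projectAcl` for `permissionName` (403),
 * then run `handlerFn` wrapped in `catchError`.
 *
 * @param handlerFn - the route handler, passed through `catchError`
 * @param permissionName - the permission key looked up in `projectAcl`
 * @returns an array of Express middlewares, in execution order
 */
export default function(
  handlerFn: Parameters<typeof catchError>[0],
  permissionName: string
) {
  return [
    extractProjectIdAndAuthenticate,
    catchError(async function authMiddleware(
      req: Request<any, any, any, any, any>,
      _res: Response,
      next: NextFunction
    ) {
      const roles = req['session']?.passport?.user?.roles;
      // Any known role (including the limited `user_new`) is enough to get
      // past authentication; the per-permission check happens below.
      if (
        !(
          roles?.creator ||
          roles?.owner ||
          roles?.editor ||
          roles?.viewer ||
          roles?.commenter ||
          roles?.user ||
          roles?.user_new
        )
      ) {
        NcError.unauthorized('Unauthorized access');
        // NcError.unauthorized is expected to throw; the early return keeps
        // next() from running (fail closed) should it ever not.
        return;
      }
      next();
    }),
    // @ts-ignore -- presumably catchError's parameter type does not accept the
    // explicitly typed handler signature; TODO confirm and switch to @ts-expect-error
    catchError(async function projectAclMiddleware(
      req: Request<any, any, any, any, any>,
      _res: Response,
      next: NextFunction
    ) {
      // if (req['files'] && req.body.json) {
      //   req.body = JSON.parse(req.body.json);
      // }
      // if (req['session']?.passport?.user?.isAuthorized) {
      //   if (
      //     req?.body?.project_id &&
      //     !req['session']?.passport?.user?.isPublicBase &&
      //     !(await this.xcMeta.isUserHaveAccessToProject(
      //       req?.body?.project_id,
      //       req['session']?.passport?.user?.id
      //     ))
      //   ) {
      //     return res
      //       .status(403)
      //       .json({ msg: "User doesn't have project access" });
      //   }
      //
      //   if (req?.body?.api) {
      // todo : verify user have access to project or not
      const roles: RoleMap | undefined = req['session']?.passport?.user?.roles;
      if (!isPermittedByRoles(roles, permissionName)) {
        // `roles` may be absent here if this middleware is reused without
        // authMiddleware in front of it; default to {} so the error message is
        // built instead of throwing a TypeError (which would surface as a 500).
        const activeRoles = Object.keys(roles ?? {}).filter(k => roles?.[k]);
        NcError.forbidden(
          `${permissionName} - ${activeRoles.join(',')} : Not allowed`
        );
        // NcError.forbidden is expected to throw; return keeps next() from
        // running (fail closed) should it ever not.
        return;
      }
      //   }
      // }
      next();
    }),
    catchError(handlerFn)
  ];
}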