const { projectOrganisations, vesselOrganisations/*, orgAccess */} = require('../../../lib/db/project/organisations');
const ServerUser = require('../../../lib/db/user/User');
const { Organisations } = require('@dougal/organisations');
const { ERROR, INFO, DEBUG } = require('DOUGAL_ROOT/debug')(__filename);
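/**
 * Second-order function.
 *
 * Returns a middleware that checks if the user has access to
 * `operation` in the project identified by `req.params.project`
 * or, if `req.params.project` is not defined, against the vessel
 * access permissions.
 *
 * The request proceeds only when at least one organisation granting
 * `operation` on the target remains after filtering by the user's
 * organisations. Every other outcome ends in `next(...)` with an error
 * argument, so the check fails closed.
 *
 * NOTE(review): the decision intersects the target's organisations with the
 * user's organisations. Whether `filter()` also requires the user's own
 * membership to carry `operation` is decided inside `@dougal/organisations`
 * and cannot be seen from this file. Confirm that a user holding only a
 * weaker right in an organisation is not matched here.
 *
 * @param {string} operation - Operation to authorise; this module builds
 *   middlewares for 'read', 'write' and 'edit'.
 * @returns {function(object, object, function): Promise<void>} Middleware
 *   that calls `next()` when access is granted, `next({status: 403, ...})`
 *   when it is denied, and `next(err)` when the check could not be evaluated.
 */
function operation (operation) {
  return async function (req, res, next) {
    let allowed = false;

    try {
      // NOTE(review): req.user is not checked for presence here, unlike in
      // user() and admin(). How ServerUser treats a missing user is not
      // visible in this file; confirm it cannot yield organisation access.
      const requester = new ServerUser(req.user);

      // A truthy project id selects project permissions; anything else
      // (undefined, empty string) falls back to the vessel permissions.
      const scope = req.params.project ? 'project' : 'vessel';
      const scopeOrgs = new Organisations(
        req.params.project
          ? await projectOrganisations(req.params.project)
          : await vesselOrganisations()
      );
      const availableOrgs = scopeOrgs.accessToOperation(operation).filter(requester.organisations);

      DEBUG(`operation = ${operation}, user = ${requester.name}, user orgs = %j, ${scope} orgs = %j, availableOrgs = %j`, requester.organisations.toJSON(), scopeOrgs.toJSON(), availableOrgs.toJSON());

      allowed = availableOrgs.length > 0;
    } catch (err) {
      // A failed lookup must not leave a rejected promise behind: routers
      // that do not forward middleware rejections themselves would leave the
      // request pending. Hand the error over explicitly. Access stays denied.
      ERROR(`Could not evaluate access to operation ${operation}:`, err);
      next(err);
      return;
    }

    // next() is deliberately outside the try block so that an exception
    // thrown by a downstream handler is not mistaken for a failed check.
    if (allowed) {
      next();
      return;
    }

    DEBUG(`Access denied to operation ${operation}.`);
    next({status: 403, message: "Access denied"});
  };
}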
// function operation (operation) {
//   return async function (req, res, next) {
//     if (await orgAccess(req.user?.organisations, req.params.project ?? null, operation)) {
//       next();
//     } else {
//       next({status: 403, message: "Access denied"});
//     }
//   }
// }
/**
 * Everyone can access.
 *
 * Applies no authentication or organisation check: the request is always
 * passed on to the next handler.
 *
 * @param {object} req - Incoming request (not inspected).
 * @param {object} res - Response object (not used).
 * @param {function} next - Continuation, always called without arguments.
 * @returns {Promise<void>}
 */
async function all (req, res, next) {
  next();
}
/**
 * Any logged in user can access.
 *
 * Only the presence of `req.user` is tested; no organisation or operation
 * rights are evaluated here.
 *
 * @param {object} req - Incoming request; `req.user` must be truthy.
 * @param {object} res - Response object (not used).
 * @param {function} next - Called without arguments when a user is present,
 *   otherwise with `{status: 403, message: "Access denied"}`.
 * @returns {Promise<void>}
 */
async function user (req, res, next) {
  // Guard first: a request without a user never reaches the success path.
  if (!req.user) {
    next({status: 403, message: "Access denied"});
    return;
  }

  next();
}
/**
 * Any user who is an admin of at least one organisation.
 *
 * As implemented, "admin" means that the user's own organisations yield a
 * non-empty result for the "edit" operation. The check is not tied to a
 * project or to the vessel: holding "edit" in any organisation is enough.
 *
 * @param {object} req - Incoming request; `req.user` must be truthy for the
 *   organisation check to run at all.
 * @param {object} res - Response object (not used).
 * @param {function} next - Called without arguments when access is granted,
 *   otherwise with `{status: 403, message: "Access denied"}`.
 * @returns {Promise<void>}
 */
async function admin (req, res, next) {
  // Short-circuit keeps ServerUser from being built for anonymous requests.
  const holdsEditRight = Boolean(req.user) &&
    new ServerUser(req.user).organisations.accessToOperation("edit").length > 0;

  if (!holdsEditRight) {
    next({status: 403, message: "Access denied"});
    return;
  }

  next();
}
// Pre-built authorisation middlewares, one per operation name.
const [read, write, edit] = ['read', 'write', 'edit'].map((name) => operation(name));

module.exports = {
  // No check, then presence of req.user only.
  all,
  user,
  // Organisation-based checks against the project or the vessel.
  read,
  write,
  edit,
  // Holder of "edit" in at least one of the user's own organisations.
  admin,
};