Check permissions against vessel if not on a project endpoint

D. Berge
2025-07-12 16:49:10 +02:00
parent 15570e0f3d
commit 7c6d3fe5ee


@@ -3,21 +3,16 @@ const { projectOrganisations, orgAccess } = require('../../../lib/db/project/org
/** Second-order function.
* Returns a middleware that checks if the user has access to
* `operation` in the project identified by `req.params.project`
* or, if `req.params.project` is not defined, against the vessel
* access permissions.
*/
function operation (operation) {
return async function (req, res, next) {
if (req.user) {
if (req.params.project) {
if (await orgAccess(req.user.organisations, req.params.project, operation)) {
next();
return;
}
} else {
next();
return;
}
if (await orgAccess(req.user?.organisations, req.params.project ?? null, operation)) {
next();
} else {
next({status: 403, message: "Access denied"});
}
next({status: 403, message: "Access denied"});
}
}
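Review bot: The rewritten check `orgAccess(req.user?.organisations, req.params.project ?? null, operation)` no longer rejects an unauthenticated request itself; with the `if (req.user)` guard gone, denial depends on how `orgAccess` treats an undefined organisations argument, which is not visible on this page. Keeping that decision local would make the middleware fail closed regardless of the helper, e.g. `if (!req.user) { next({status: 403, message: "Access denied"}); return; }` ahead of the call. The `await` also sits outside any try/catch, and this change extends it to non-project endpoints, so a rejection from `orgAccess` would presumably escape the async handler rather than reach `next(err)`. Wrapping the call and passing the error to `next` would turn a failed lookup into an error response instead of a stalled request. The doc comment could also state that requests without `req.user` are denied.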