Refactor access to info table.

To adapt to new permissions system.

lib/www/server/lib/db/info/check-permission.js

@@ -30,7 +30,7 @@ const dictionary = {
 	config: {
 		// Configuration (site-wide or survey)
 		// Nobody except admin can access
-		_: { _: false, admin: true }
+		_: { _: false, edit: true }
 	},
 	qc: {
 		// QC results (survey)
@@ -42,13 +42,13 @@ const dictionary = {
 		// Equipment info (site)
 		// Everyone can read, user + admin can alter
 		get: { _: true },
-		_  : { _: false, user: true, admin: true }
+		_  : { _: false, write: true, edit: true }
 	},
 	contact: {
 		// Contact details (basically an example entry)
 		// Everyone can read, admin can alter
 		get: { _: true },
-		_  : { _: false, admin: true },
+		_  : { _: false, edit: true },
 	}
 }
 
@@ -56,7 +56,7 @@ const dictionary = {
  *
  * @a key {String} is the object of the action.
  * @a verb {String} is the action.
- * @a role {String} is the subject of the action.
+ * @a operations {Array} is one of the subjects of the action.
  *
  * @returns {Boolean} `true` is the action is allowed,
  * `false` if it is not.
@@ -67,12 +67,17 @@ const dictionary = {
  * by `_`, others are entered explicitly.
  *
  */
-function checkPermission (key, verb, role) {
+function checkPermission (key, verb, operations) {
 	const entry = dictionary[key]
 	if (entry) {
 		const action = entry[verb] ?? entry._
 		if (action) {
-			return action[role] ?? action._ ?? false;
+			for (const op of operations) {
+				if ((op in action)) {
+					return action[op];
+				}
+			}
+			return action._ ?? false;
 		}
 		return false;
 	}

lib/www/server/lib/db/info/delete.js

@@ -1,11 +1,11 @@
 const { setSurvey, transaction } = require('../connection');
 const checkPermission = require('./check-permission');
 
-async function del (projectId, path, opts = {}, role) {
+async function del (projectId, path, opts = {}, operations = []) {
 	const client = await setSurvey(projectId);
 	const [key, ...jsonpath] = (path||"").split("/").filter(i => i.length);
 
-	if (!checkPermission(key, "delete", role)) {
+	if (!checkPermission(key, "delete", operations)) {
 		throw {status: 403, message: "Forbidden"};
 		return;
 	}

lib/www/server/lib/db/info/get.js

@@ -1,11 +1,11 @@
 const { setSurvey } = require('../connection');
 const checkPermission = require('./check-permission');
 
-async function get (projectId, path, opts = {}, role) {
+async function get (projectId, path, opts = {}, operations = []) {
 	const client = await setSurvey(projectId);
 	const [key, ...subkey] = path.split("/").filter(i => i.trim().length);
 
-	if (!checkPermission(key, "get", role)) {
+	if (!checkPermission(key, "get", operations)) {
 		throw {status: 403, message: "Forbidden"};
 		return;
 	}

lib/www/server/lib/db/info/post.js

@@ -1,11 +1,11 @@
 const { setSurvey, transaction } = require('../connection');
 const checkPermission = require('./check-permission');
 
-async function post (projectId, path, payload, opts = {}, role) {
+async function post (projectId, path, payload, opts = {}, operations = []) {
 	const client = await setSurvey(projectId);
 	const [key, ...jsonpath] = (path||"").split("/").filter(i => i.length);
 
-	if (!checkPermission(key, "post", role)) {
+	if (!checkPermission(key, "post", operations)) {
 		throw {status: 403, message: "Forbidden"};
 		return;
 	}

lib/www/server/lib/db/info/put.js

@@ -1,11 +1,11 @@
 const { setSurvey, transaction } = require('../connection');
 const checkPermission = require('./check-permission');
 
-async function put (projectId, path, payload, opts = {}, role) {
+async function put (projectId, path, payload, opts = {}, operations = []) {
 	const client = await setSurvey(projectId);
 	const [key, ...jsonpath] = (path??"").split("/").filter(i => i.length);
 
-	if (role !== null && !checkPermission(key, "put", role)) {
+	if (!checkPermission(key, "put", operations)) {
 		throw {status: 403, message: "Forbidden"};
 		return;
 	}