Refactor auth.access middleware.

It uses the @dougal/user and @dougal/organisations classes.
D. Berge
2025-07-24 19:14:19 +02:00
parent d58bc4d62e
commit f5441d186f


@@ -1,4 +1,6 @@
const { projectOrganisations, orgAccess } = require('../../../lib/db/project/organisations'); const { projectOrganisations, vesselOrganisations/*, orgAccess */} = require('../../../lib/db/project/organisations');
const ServerUser = require('../../../lib/db/user/User');
const { Organisations } = require('@dougal/organisations');
/** Second-order function. /** Second-order function.
* Returns a middleware that checks if the user has access to * Returns a middleware that checks if the user has access to
@@ -8,20 +10,78 @@ const { projectOrganisations, orgAccess } = require('../../../lib/db/project/org
*/ */
function operation (operation) { function operation (operation) {
return async function (req, res, next) { return async function (req, res, next) {
if (await orgAccess(req.user?.organisations, req.params.project ?? null, operation)) { const user = new ServerUser(req.user);
next(); if (req.params.project) {
const projectOrgs = new Organisations(await projectOrganisations(req.params.project));
const availableOrgs = projectOrgs.accessToOperation(operation).filter(user.organisations);
console.log("Operation: ", operation);
console.log("User: ", user.name);
console.log("User orgs: ", user.organisations);
console.log("Project orgs: ", projectOrgs);
console.log("Available orgs: ", availableOrgs);
if (availableOrgs.length > 0) {
next();
return;
}
} else { } else {
next({status: 403, message: "Access denied"}); const vesselOrgs = new Organisations(await vesselOrganisations());
const availableOrgs = vesselOrgs.accessToOperation(operation).filter(user.organisations);
console.log("Operation: ", operation);
console.log("User: ", user.name);
console.log("User orgs: ", user.organisations);
console.log("Vessel orgs: ", vesselOrgs);
console.log("Available orgs: ", availableOrgs);
if (availableOrgs.length > 0) {
next();
return;
}
}
next({status: 403, message: "Access denied"});
}
}
// function operation (operation) {
// return async function (req, res, next) {
// if (await orgAccess(req.user?.organisations, req.params.project ?? null, operation)) {
// next();
// } else {
// next({status: 403, message: "Access denied"});
// }
// }
// }
// Everyone can access
async function all (req, res, next) {
next();
}
// Any logged in user can access
async function user (req, res, next) {
if (req.user) {
next();
} else {
next({status: 403, message: "Access denied"});
}
}
// Any user who is an admin of at least one organisation
async function admin (req, res, next) {
if (req.user) {
const user = new ServerUser(req.user);
if (user.operations.accessToOperation("edit").length > 0) {
next();
return;
} }
} }
next({status: 403, message: "Access denied"});
} }
const read = operation('read'); const read = operation('read');
const write = operation('write'); const write = operation('write');
const edit = operation('edit'); const edit = operation('edit');
const admin = edit;
module.exports = { module.exports = {
all,
user,
read, read,
write, write,
edit, edit,