Aaltronav/dougal-software
1
0
Fork 0
mirror of https://gitlab.com/wgp/dougal/software.git synced 2025-12-06 10:17:07 +00:00
Code Issues Packages Projects Releases Activity
Files
0c5ea7f30ad23ac06c451efca3cfc43d662edad3
dougal-software/lib/www/server/api/middleware/auth/access.js
D. Berge f5441d186f Refactor auth.access middleware. 
It users @dougal/user and @dougal/organisations classes.
2025-07-24 19:14:19 +02:00

90 lines
2.6 KiB
JavaScript
Raw Blame History

const { projectOrganisations, vesselOrganisations/*, orgAccess */} = require('../../../lib/db/project/organisations');
const ServerUser = require('../../../lib/db/user/User');
const { Organisations } = require('@dougal/organisations');
/** Second-order function.
* Returns a middleware that checks if the user has access to
* `operation` in the project identified by `req.params.project`
* or, if `req.params.project` is not defined, against the vessel
* access permissions.
*/
function operation (operation) {
return async function (req, res, next) {
const user = new ServerUser(req.user);
if (req.params.project) {
const projectOrgs = new Organisations(await projectOrganisations(req.params.project));
const availableOrgs = projectOrgs.accessToOperation(operation).filter(user.organisations);
console.log("Operation: ", operation);
console.log("User: ", user.name);
console.log("User orgs: ", user.organisations);
console.log("Project orgs: ", projectOrgs);
console.log("Available orgs: ", availableOrgs);
if (availableOrgs.length > 0) {
next();
return;
}
} else {
const vesselOrgs = new Organisations(await vesselOrganisations());
const availableOrgs = vesselOrgs.accessToOperation(operation).filter(user.organisations);
console.log("Operation: ", operation);
console.log("User: ", user.name);
console.log("User orgs: ", user.organisations);
console.log("Vessel orgs: ", vesselOrgs);
console.log("Available orgs: ", availableOrgs);
if (availableOrgs.length > 0) {
next();
return;
}
}
next({status: 403, message: "Access denied"});
}
}
// function operation (operation) {
// return async function (req, res, next) {
// if (await orgAccess(req.user?.organisations, req.params.project ?? null, operation)) {
// next();
// } else {
// next({status: 403, message: "Access denied"});
// }
// }
// }
// Everyone can access
async function all (req, res, next) {
next();
}
// Any logged in user can access
async function user (req, res, next) {
if (req.user) {
next();
} else {
next({status: 403, message: "Access denied"});
}
}
// Any user who is an admin of at least one organisation
async function admin (req, res, next) {
if (req.user) {
const user = new ServerUser(req.user);
if (user.operations.accessToOperation("edit").length > 0) {
next();
return;
}
}
next({status: 403, message: "Access denied"});
}
const read = operation('read');
const write = operation('write');
const edit = operation('edit');
module.exports = {
all,
user,
read,
write,
edit,
admin,
};
Reference in New Issue View Git Blame Copy Permalink