mirror of
https://github.com/sasjs/server.git
synced 2026-01-10 07:50:05 +00:00
37 lines
1.1 KiB
TypeScript
37 lines
1.1 KiB
TypeScript
import { RequestHandler } from 'express'
|
|
import User from '../model/User'
|
|
import Permission from '../model/Permission'
|
|
import { PermissionSetting } from '../controllers/permission'
|
|
|
|
export const authorize: RequestHandler = async (req, res, next) => {
|
|
let permission
|
|
const user = req.user
|
|
if (user) {
|
|
// no need to check for permissions when user is admin
|
|
if (user.isAdmin) return next()
|
|
|
|
const dbUser = await User.findOne({ id: user.userId })
|
|
if (!dbUser) return res.sendStatus(401)
|
|
|
|
const uri = req.baseUrl + req.route.path
|
|
|
|
// find permission w.r.t user
|
|
permission = await Permission.findOne({ uri, user: dbUser._id })
|
|
|
|
if (permission) {
|
|
if (permission.setting === PermissionSetting.grant) return next()
|
|
else res.sendStatus(401)
|
|
}
|
|
|
|
// find permission w.r.t user's groups
|
|
for (const group of dbUser.groups) {
|
|
permission = await Permission.findOne({ uri, group })
|
|
if (permission && permission.setting === PermissionSetting.grant)
|
|
return next()
|
|
}
|
|
|
|
return res.sendStatus(401)
|
|
}
|
|
return res.sendStatus(401)
|
|
}
|