import { Config } from "@db_models"
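/**
 * Express middleware that authorizes a request against the role map stored
 * in the "permissions" Config document.
 *
 * The lookup key is the lower-cased HTTP method immediately followed by the
 * lower-cased request path. The roles the user holds that are listed for
 * that key are collected in `req.assertedPermissions`; holders of the
 * "admin" role are always let through.
 *
 * @param {object} req - Express request. `req.user.roles` is read here;
 *   presumably populated by an earlier authentication middleware (confirm
 *   the mount order).
 * @param {object} res - Express response, used only for the 403 reply.
 * @param {Function} next - Express continuation. Receives an error when the
 *   permissions config cannot be loaded.
 * @returns {Promise<void>}
 */
export default async (req, res, next) => {
    const requestedPath = `${req.method.toLowerCase()}${req.path.toLowerCase()}`

    let config

    try {
        config = await Config.findOne({ key: "permissions" }, undefined, {
            lean: true,
        })
    } catch (error) {
        // A failed lookup must not leave the request hanging or surface as an
        // unhandled rejection: hand it to the error handler (fail closed).
        return next(error)
    }

    if (!config) {
        // Without a permissions document no decision can be made; refuse
        // rather than silently allowing every route.
        return next(new Error("[Permissions] No permissions config found"))
    }

    req.assertedPermissions = []

    const pathRoles = config.value?.pathRoles ?? {}
    const configuredRoles = pathRoles[requestedPath]

    // NOTE(review): this is default-allow. A route with no entry in pathRoles
    // is not restricted by this middleware, and the key is an exact string
    // match, so any route whose request path differs from the configured key
    // (parameterised segments, or a trailing slash if the router tolerates
    // one; confirm router settings) falls into this branch too. Consider
    // default-deny, or at least alerting on this warning.
    if (configuredRoles === undefined) {
        console.warn(`[Permissions] No permissions defined for path ${requestedPath}`)
        return next()
    }

    const requiredRoles = Array.isArray(configuredRoles) ? configuredRoles : [configuredRoles]

    // A request with no user or no role list holds no roles, so it ends in
    // the 403 below instead of throwing.
    const userRoles = Array.isArray(req.user?.roles) ? req.user.roles : []

    for (const role of requiredRoles) {
        if (userRoles.includes(role)) {
            req.assertedPermissions.push(role)
        }
    }

    // Admins pass every configured route; avoid listing "admin" twice when it
    // is also one of the required roles.
    if (userRoles.includes("admin") && !req.assertedPermissions.includes("admin")) {
        req.assertedPermissions.push("admin")
    }

    if (req.assertedPermissions.length === 0) {
        return res.status(403).json({
            error: "forbidden",
            message: "You don't have permission to access this resource",
        })
    }

    return next()
}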