Allow oauth2 clients to exercise permissions independent to the user
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/tag Build is passing

This commit is contained in:
Garrett Mills 2020-10-18 20:22:10 -05:00
parent 3f2680671b
commit 5eb0487c77
Signed by: garrettmills
GPG Key ID: D2BF5FBA8298F246
2 changed files with 8 additions and 2 deletions

View File

@ -24,6 +24,11 @@ class PermissionMiddleware extends Middleware {
.message('Insufficient permissions (OAuth2 Client).') .message('Insufficient permissions (OAuth2 Client).')
.api() .api()
} }
// If the oauth2 client has this permission, then allow the request to continue,
// even if the user does not.
// OAuth2Clients need to be able to query users via the API.
return next()
} }
const policy_denied = await Policy.check_user_denied(req.user, check) const policy_denied = await Policy.check_user_denied(req.user, check)

View File

@ -11,6 +11,7 @@ class APIRouteMiddleware extends Middleware {
return next() return next()
} else if ( allow_token ) { } else if ( allow_token ) {
if ( !req.oauth ) req.oauth = {} if ( !req.oauth ) req.oauth = {}
return req.app.oauth2.authorise()(req, res, async e => { return req.app.oauth2.authorise()(req, res, async e => {
if ( e ) return next(e) if ( e ) return next(e)
// Look up the OAuth2 client an inject it into the route // Look up the OAuth2 client an inject it into the route
@ -52,10 +53,10 @@ class APIRouteMiddleware extends Middleware {
next() next()
}) })
} } else {
return res.status(401).api() return res.status(401).api()
} }
}
} }
module.exports = exports = APIRouteMiddleware module.exports = exports = APIRouteMiddleware