|
|
|
@ -8,7 +8,8 @@
|
|
|
|
|
*
|
|
|
|
|
* @class
|
|
|
|
|
*/
|
|
|
|
|
class Permission {
|
|
|
|
|
const Middleware = require('libflitter/middleware/Middleware')
|
|
|
|
|
class Permission extends Middleware {
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Run the middleware's check. If an authenticated session exists and the user has the specified permission,
|
|
|
|
@ -19,31 +20,33 @@ class Permission {
|
|
|
|
|
* @param {Function} next - Express handler stack callback. This should be called if the middleware check passed to allow the request to continue.
|
|
|
|
|
* @param {string} permission - Name of the permission to require
|
|
|
|
|
*/
|
|
|
|
|
async test(req, res, next, permission){
|
|
|
|
|
if ( req.session && req.session.auth && (req.session.auth.authenticated === true || req.session.auth.user) ){
|
|
|
|
|
if ( req.session.auth.user.permissions && req.session.auth.user.permissions.includes(permission) ){
|
|
|
|
|
async test(req, res, next, permission) {
|
|
|
|
|
if (req.session && req.session.auth && (req.session.auth.authenticated === true || req.session.auth.user)) {
|
|
|
|
|
if (req.session.auth.user.permissions && req.session.auth.user.permissions.includes(permission)) {
|
|
|
|
|
next()
|
|
|
|
|
}
|
|
|
|
|
else if ( req.session.auth.user.role ){
|
|
|
|
|
} else if (req.session.auth.user.role) {
|
|
|
|
|
const Role = _flitter.model('auth:Role')
|
|
|
|
|
const role = await Role.findOne({name: req.session.auth.user.role})
|
|
|
|
|
const role = await Role.findOne({
|
|
|
|
|
name: req.session.auth.user.role
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
if ( role.permissions.includes(permission) ){
|
|
|
|
|
if (role.permissions.includes(permission)) {
|
|
|
|
|
next()
|
|
|
|
|
} else {
|
|
|
|
|
return _flitter.error(res, 401, {
|
|
|
|
|
reason: 'Insufficient user permissions.'
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
return _flitter.error(res, 401, {reason: 'Insufficient user permissions.'})
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
return _flitter.error(res, 401, {
|
|
|
|
|
reason: 'Insufficient user permissions.'
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
return _flitter.error(res, 401, {reason: 'Insufficient user permissions.'})
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
} else {
|
|
|
|
|
req.session.destination = req.originalUrl
|
|
|
|
|
return res.redirect('/auth/login')
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
module.exports = Permission
|
|
|
|
|
module.exports = Permission
|
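Review bot: In the role branch of `test`, the result of `Role.findOne` is dereferenced without a null check, so a session whose `user.role` names a role that no longer exists makes `role.permissions.includes(permission)` throw inside this async middleware instead of returning the 401; whether that rejection is caught depends on how the framework invokes `test`, which is not visible here. Guard it with `if (role && Array.isArray(role.permissions) && role.permissions.includes(permission)) {` so the check fails closed through the existing `_flitter.error` path. The outer condition also admits a session where `authenticated === true` but `auth.user` is unset, and the next line then reads `req.session.auth.user.permissions` and throws the same way; requiring `req.session.auth.user` in every case would avoid that. Separately, an authenticated user who lacks the permission is conventionally answered with 403 rather than 401, which helps clients and log review distinguish "not logged in" from "not allowed".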