File size: 2,668 Bytes
f8b5d42 |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 |
const { SystemSettings } = require("../../models/systemSettings");
const { userFromSession } = require("../http");
const ROLES = {
all: "<all>",
admin: "admin",
manager: "manager",
default: "default",
};
const DEFAULT_ROLES = [ROLES.admin, ROLES.admin];
/**
* Explicitly check that multi user mode is enabled as well as that the
* requesting user has the appropriate role to modify or call the URL.
* @param {string[]} allowedRoles - The roles that are allowed to access the route
* @returns {function}
*/
function strictMultiUserRoleValid(allowedRoles = DEFAULT_ROLES) {
return async (request, response, next) => {
// If the access-control is allowable for all - skip validations and continue;
if (allowedRoles.includes(ROLES.all)) {
next();
return;
}
const multiUserMode =
response.locals?.multiUserMode ??
(await SystemSettings.isMultiUserMode());
if (!multiUserMode) return response.sendStatus(401).end();
const user =
response.locals?.user ?? (await userFromSession(request, response));
if (allowedRoles.includes(user?.role)) {
next();
return;
}
return response.sendStatus(401).end();
};
}
/**
* Apply role permission checks IF the current system is in multi-user mode.
* This is relevant for routes that are shared between MUM and single-user mode.
* @param {string[]} allowedRoles - The roles that are allowed to access the route
* @returns {function}
*/
function flexUserRoleValid(allowedRoles = DEFAULT_ROLES) {
return async (request, response, next) => {
// If the access-control is allowable for all - skip validations and continue;
// It does not matter if multi-user or not.
if (allowedRoles.includes(ROLES.all)) {
next();
return;
}
// Bypass if not in multi-user mode
const multiUserMode =
response.locals?.multiUserMode ??
(await SystemSettings.isMultiUserMode());
if (!multiUserMode) {
next();
return;
}
const user =
response.locals?.user ?? (await userFromSession(request, response));
if (allowedRoles.includes(user?.role)) {
next();
return;
}
return response.sendStatus(401).end();
};
}
// Middleware check on a public route if the instance is in a valid
// multi-user set up.
async function isMultiUserSetup(_request, response, next) {
const multiUserMode = await SystemSettings.isMultiUserMode();
if (!multiUserMode) {
response.status(403).json({
error: "Invalid request",
});
return;
}
next();
return;
}
module.exports = {
ROLES,
strictMultiUserRoleValid,
flexUserRoleValid,
isMultiUserSetup,
};
|