tethys.backend/app/middleware/can_middleware.ts
Arno Kaimbacher 08c2edca3b - npm updates
- renamed 'models' and 'validators' folders
- removed unneccessary files in contracts folder
2024-04-30 11:50:50 +02:00

91 lines
3.6 KiB
TypeScript

import { HttpContext } from '@adonisjs/core/http';
// import Config from '@ioc:Adonis/Core/Config';
import config from '@adonisjs/core/services/config';
import db from '@adonisjs/lucid/services/db';
import User from '#models/user';
import { Exception } from '@adonisjs/core/exceptions';
const permissionTable = config.get('rolePermission.permission_table', 'permissions');
const rolePermissionTable = config.get('rolePermission.role_permission_table', 'role_has_permissions');
const roleTable = config.get('rolePermission.role_table', 'roles');
const userRoleTable = config.get('rolePermission.user_role_table', 'link_accounts_roles');
/**
* Permission authentication to check if user has any of the specified permissions
*
* Should be called after auth middleware
*/
export default class Can {
/**
* Handle request
*/
public async handle({ auth, response }: HttpContext, next: () => Promise<void>, permissionNames: string[]) {
/**
* Check if user is logged-in
*/
let user = await auth.user;
if (!user) {
return response.unauthorized({ error: 'Must be logged in' });
}
let hasPermission = await this.checkHasPermissions(user, permissionNames);
if (!hasPermission) {
// return response.unauthorized({
// error: `Doesn't have required role(s): ${permissionNames.join(',')}`,
// });
throw new Exception(`Doesn't have required permission(s): ${permissionNames.join(',')}`, { status: 401 });
}
// await next();
return next();
}
private async checkHasPermissions(user: User, permissionNames: Array<string>): Promise<boolean> {
let rolePlaceHolder = '(';
let placeholders = new Array(permissionNames.length).fill('?');
rolePlaceHolder += placeholders.join(',');
rolePlaceHolder += ')';
// let test = user
// .related('roles')
// .query()
// .count('permissions.name')
// .innerJoin('gba.role_has_permissions', function () {
// this.on('gba.role_has_permissions.role_id', 'roles.id');
// })
// .innerJoin('gba.permissions', function () {
// this.on('role_has_permissions.permission_id', 'permissions.id');
// })
// .andWhereIn('permissions.name', permissionNames);
// select "permissions"."name"
// from "gba"."roles"
// inner join "gba"."link_accounts_roles" on "roles"."id" = "link_accounts_roles"."role_id"
// inner join "gba"."role_has_permissions" on "gba"."role_has_permissions"."role_id" = "roles"."id"
// inner join "gba"."permissions" on "role_has_permissions"."permission_id" = "permissions"."id"
// where ("permissions"."name" in ('dataset-list', 'dataset-publish'))
// and ("link_accounts_roles"."account_id" = 1)
let {
rows: {
0: { permissioncount },
},
} = await db.rawQuery(
'SELECT count("p"."name") as permissionCount FROM ' +
roleTable +
' r INNER JOIN ' +
userRoleTable +
' ur ON ur.role_id=r.id AND "ur"."account_id"=? ' +
' INNER JOIN ' +
rolePermissionTable +
' rp ON rp.role_id=r.id ' +
' INNER JOIN ' +
permissionTable +
' p ON rp.permission_id=p.id AND "p"."name" in ' +
rolePlaceHolder +
' LIMIT 1',
[user.id, ...permissionNames],
);
return permissioncount > 0;
}
}