tethys.backend/app/middleware/can_middleware.ts

import { HttpContext } from '@adonisjs/core/http';
// import Config from '@ioc:Adonis/Core/Config';
import config from '@adonisjs/core/services/config';
import db from '@adonisjs/lucid/services/db';
import User from '#models/user';
import { Exception } from '@adonisjs/core/exceptions';

const permissionTable = config.get('rolePermission.permission_table', 'permissions');
const rolePermissionTable = config.get('rolePermission.role_permission_table', 'role_has_permissions');
const roleTable = config.get('rolePermission.role_table', 'roles');
const userRoleTable = config.get('rolePermission.user_role_table', 'link_accounts_roles');

/**
 * Permission authentication to check if user has any of the specified permissions
 *
 * Should be called after auth middleware
 */
export default class Can {
    /**
     * Handle request
     */
    public async handle({ auth, response }: HttpContext, next: () => Promise<void>, permissionNames: string[]) {
        /**
         * Check if user is logged-in
         */
        let user = await auth.user;
        if (!user) {
            return response.unauthorized({ error: 'Must be logged in' });
        }
        let hasPermission = await this.checkHasPermissions(user, permissionNames);
        if (!hasPermission) {
            // return response.unauthorized({
            // 	error: `Doesn't have required role(s): ${permissionNames.join(',')}`,
            // });
            throw new Exception(`Doesn't have required permission(s): ${permissionNames.join(',')}`, { status: 401 });
        }
        // await next();
        return next();
    }

    private async checkHasPermissions(user: User, permissionNames: Array<string>): Promise<boolean> {
        let rolePlaceHolder = '(';
        let placeholders = new Array(permissionNames.length).fill('?');
        rolePlaceHolder += placeholders.join(',');
        rolePlaceHolder += ')';

        // let test = user
        // 	.related('roles')
        // 	.query()
        // 	.count('permissions.name')
        // 	.innerJoin('gba.role_has_permissions', function () {
        // 		this.on('gba.role_has_permissions.role_id', 'roles.id');
        // 	})
        // 	.innerJoin('gba.permissions', function () {
        // 		this.on('role_has_permissions.permission_id', 'permissions.id');
        // 	})
        // 	.andWhereIn('permissions.name', permissionNames);

        // select "permissions"."name"
        // from "gba"."roles"
        // inner join "gba"."link_accounts_roles" on "roles"."id" = "link_accounts_roles"."role_id"
        // inner join "gba"."role_has_permissions" on "gba"."role_has_permissions"."role_id" = "roles"."id"
        // inner join "gba"."permissions" on "role_has_permissions"."permission_id" = "permissions"."id"
        // where ("permissions"."name" in ('dataset-list', 'dataset-publish'))
        // and ("link_accounts_roles"."account_id" = 1)

        let {
            rows: {
                0: { permissioncount },
            },
        } = await db.rawQuery(
            'SELECT count("p"."name") as permissionCount FROM ' +
                roleTable +
                ' r INNER JOIN ' +
                userRoleTable +
                ' ur ON ur.role_id=r.id AND "ur"."account_id"=? ' +
                ' INNER JOIN ' +
                rolePermissionTable +
                ' rp ON rp.role_id=r.id ' +
                ' INNER JOIN ' +
                permissionTable +
                ' p ON rp.permission_id=p.id AND "p"."name" in ' +
                rolePlaceHolder +
                ' LIMIT 1',
            [user.id, ...permissionNames],
        );

        return permissioncount > 0;
    }
}
- update to AdonisJS 6 2024-03-14 19:25:27 +00:00			`import { HttpContext } from '@adonisjs/core/http';`
			`// import Config from '@ioc:Adonis/Core/Config';`
			`import config from '@adonisjs/core/services/config';`
			`import db from '@adonisjs/lucid/services/db';`
- npm updates - renamed 'models' and 'validators' folders - removed unneccessary files in contracts folder 2024-04-30 09:50:50 +00:00			`import User from '#models/user';`
- update to AdonisJS 6 2024-03-14 19:25:27 +00:00			`import { Exception } from '@adonisjs/core/exceptions';`
initial commit 2023-03-03 15:54:28 +00:00
- update to AdonisJS 6 2024-03-14 19:25:27 +00:00			`const permissionTable = config.get('rolePermission.permission_table', 'permissions');`
			`const rolePermissionTable = config.get('rolePermission.role_permission_table', 'role_has_permissions');`
			`const roleTable = config.get('rolePermission.role_table', 'roles');`
			`const userRoleTable = config.get('rolePermission.user_role_table', 'link_accounts_roles');`
initial commit 2023-03-03 15:54:28 +00:00
			`/**`
			`* Permission authentication to check if user has any of the specified permissions`
			`*`
			`* Should be called after auth middleware`
			`*/`
			`export default class Can {`
- additional functionality for DatasetController.ts - additional validation rules like 'uniqueArray' - additional Lucid models like BaseModel.ts for filling attributes, Title.ts, Description.ts - npm updates for @adonisjs/core 2023-06-22 15:20:04 +00:00			`/**`
			`* Handle request`
			`*/`
- update to AdonisJS 6 2024-03-14 19:25:27 +00:00			`public async handle({ auth, response }: HttpContext, next: () => Promise<void>, permissionNames: string[]) {`
- additional functionality for DatasetController.ts - additional validation rules like 'uniqueArray' - additional Lucid models like BaseModel.ts for filling attributes, Title.ts, Description.ts - npm updates for @adonisjs/core 2023-06-22 15:20:04 +00:00			`/**`
			`* Check if user is logged-in`
			`*/`
			`let user = await auth.user;`
			`if (!user) {`
			`return response.unauthorized({ error: 'Must be logged in' });`
			`}`
			`let hasPermission = await this.checkHasPermissions(user, permissionNames);`
			`if (!hasPermission) {`
			`// return response.unauthorized({`
			// error: `Doesn't have required role(s): ${permissionNames.join(',')}`,
			`// });`
- update to AdonisJS 6 2024-03-14 19:25:27 +00:00			throw new Exception(`Doesn't have required permission(s): ${permissionNames.join(',')}`, { status: 401 });
- additional functionality for DatasetController.ts - additional validation rules like 'uniqueArray' - additional Lucid models like BaseModel.ts for filling attributes, Title.ts, Description.ts - npm updates for @adonisjs/core 2023-06-22 15:20:04 +00:00			`}`
- update to AdonisJS 6 2024-03-14 19:25:27 +00:00			`// await next();`
			`return next();`
- additional functionality for DatasetController.ts - additional validation rules like 'uniqueArray' - additional Lucid models like BaseModel.ts for filling attributes, Title.ts, Description.ts - npm updates for @adonisjs/core 2023-06-22 15:20:04 +00:00			`}`
initial commit 2023-03-03 15:54:28 +00:00
- additional functionality for DatasetController.ts - additional validation rules like 'uniqueArray' - additional Lucid models like BaseModel.ts for filling attributes, Title.ts, Description.ts - npm updates for @adonisjs/core 2023-06-22 15:20:04 +00:00			`private async checkHasPermissions(user: User, permissionNames: Array<string>): Promise<boolean> {`
			`let rolePlaceHolder = '(';`
			`let placeholders = new Array(permissionNames.length).fill('?');`
			`rolePlaceHolder += placeholders.join(',');`
			`rolePlaceHolder += ')';`

			`// let test = user`
			`// .related('roles')`
			`// .query()`
			`// .count('permissions.name')`
			`// .innerJoin('gba.role_has_permissions', function () {`
			`// this.on('gba.role_has_permissions.role_id', 'roles.id');`
			`// })`
			`// .innerJoin('gba.permissions', function () {`
			`// this.on('role_has_permissions.permission_id', 'permissions.id');`
			`// })`
			`// .andWhereIn('permissions.name', permissionNames);`
initial commit 2023-03-03 15:54:28 +00:00
			`// select "permissions"."name"`
- additional functionality for DatasetController.ts - additional validation rules like 'uniqueArray' - additional Lucid models like BaseModel.ts for filling attributes, Title.ts, Description.ts - npm updates for @adonisjs/core 2023-06-22 15:20:04 +00:00			`// from "gba"."roles"`
			`// inner join "gba"."link_accounts_roles" on "roles"."id" = "link_accounts_roles"."role_id"`
			`// inner join "gba"."role_has_permissions" on "gba"."role_has_permissions"."role_id" = "roles"."id"`
			`// inner join "gba"."permissions" on "role_has_permissions"."permission_id" = "permissions"."id"`
			`// where ("permissions"."name" in ('dataset-list', 'dataset-publish'))`
initial commit 2023-03-03 15:54:28 +00:00			`// and ("link_accounts_roles"."account_id" = 1)`

- additional functionality for DatasetController.ts - additional validation rules like 'uniqueArray' - additional Lucid models like BaseModel.ts for filling attributes, Title.ts, Description.ts - npm updates for @adonisjs/core 2023-06-22 15:20:04 +00:00			`let {`
			`rows: {`
			`0: { permissioncount },`
			`},`
- update to AdonisJS 6 2024-03-14 19:25:27 +00:00			`} = await db.rawQuery(`
- additional functionality for DatasetController.ts - additional validation rules like 'uniqueArray' - additional Lucid models like BaseModel.ts for filling attributes, Title.ts, Description.ts - npm updates for @adonisjs/core 2023-06-22 15:20:04 +00:00			`'SELECT count("p"."name") as permissionCount FROM ' +`
			`roleTable +`
			`' r INNER JOIN ' +`
			`userRoleTable +`
			`' ur ON ur.role_id=r.id AND "ur"."account_id"=? ' +`
			`' INNER JOIN ' +`
			`rolePermissionTable +`
			`' rp ON rp.role_id=r.id ' +`
			`' INNER JOIN ' +`
			`permissionTable +`
			`' p ON rp.permission_id=p.id AND "p"."name" in ' +`
			`rolePlaceHolder +`
			`' LIMIT 1',`
			`[user.id, ...permissionNames],`
			`);`
initial commit 2023-03-03 15:54:28 +00:00
- additional functionality for DatasetController.ts - additional validation rules like 'uniqueArray' - additional Lucid models like BaseModel.ts for filling attributes, Title.ts, Description.ts - npm updates for @adonisjs/core 2023-06-22 15:20:04 +00:00			`return permissioncount > 0;`
			`}`
initial commit 2023-03-03 15:54:28 +00:00			`}`