You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
60 lines
1.3 KiB
60 lines
1.3 KiB
1 year ago
|
const methodPermission = require('../config/permission')
|
||
|
const {
|
||
|
ERROR
|
||
|
} = require('../common/error')
|
||
|
|
||
|
function isAccessAllowed (user, setting) {
|
||
|
const {
|
||
|
role: userRole = [],
|
||
|
permission: userPermission = []
|
||
|
} = user
|
||
|
const {
|
||
|
role: settingRole = [],
|
||
|
permission: settingPermission = []
|
||
|
} = setting
|
||
|
if (userRole.includes('admin')) {
|
||
|
return
|
||
|
}
|
||
|
if (
|
||
|
settingRole.length > 0 &&
|
||
|
settingRole.every(item => !userRole.includes(item))
|
||
|
) {
|
||
|
throw {
|
||
|
errCode: ERROR.PERMISSION_ERROR
|
||
|
}
|
||
|
}
|
||
|
if (
|
||
|
settingPermission.length > 0 &&
|
||
|
settingPermission.every(item => !userPermission.includes(item))
|
||
|
) {
|
||
|
throw {
|
||
|
errCode: ERROR.PERMISSION_ERROR
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
module.exports = async function () {
|
||
|
const methodName = this.getMethodName()
|
||
|
if (!(methodName in methodPermission)) {
|
||
|
return
|
||
|
}
|
||
|
const {
|
||
|
auth,
|
||
|
role,
|
||
|
permission
|
||
|
} = methodPermission[methodName]
|
||
|
if (auth || role || permission) {
|
||
|
await this.middleware.auth()
|
||
|
}
|
||
|
if (role && role.length === 0) {
|
||
|
throw new Error('[AccessControl]Empty role array is not supported')
|
||
|
}
|
||
|
if (permission && permission.length === 0) {
|
||
|
throw new Error('[AccessControl]Empty permission array is not supported')
|
||
|
}
|
||
|
return isAccessAllowed(this.authInfo, {
|
||
|
role,
|
||
|
permission
|
||
|
})
|
||
|
}
|