canteen/uni_modules/uni-id-pages/uniCloud/cloudfunctions/uni-id-co/middleware/access-control.js

const methodPermission = require('../config/permission')
const {
  ERROR
} = require('../common/error')

function isAccessAllowed (user, setting) {
  const {
    role: userRole = [],
    permission: userPermission = []
  } = user
  const {
    role: settingRole = [],
    permission: settingPermission = []
  } = setting
  if (userRole.includes('admin')) {
    return
  }
  if (
    settingRole.length > 0 &&
    settingRole.every(item => !userRole.includes(item))
  ) {
    throw {
      errCode: ERROR.PERMISSION_ERROR
    }
  }
  if (
    settingPermission.length > 0 &&
    settingPermission.every(item => !userPermission.includes(item))
  ) {
    throw {
      errCode: ERROR.PERMISSION_ERROR
    }
  }
}

module.exports = async function () {
  const methodName = this.getMethodName()
  if (!(methodName in methodPermission)) {
    return
  }
  const {
    auth,
    role,
    permission
  } = methodPermission[methodName]
  if (auth || role || permission) {
    await this.middleware.auth()
  }
  if (role && role.length === 0) {
    throw new Error('[AccessControl]Empty role array is not supported')
  }
  if (permission && permission.length === 0) {
    throw new Error('[AccessControl]Empty permission array is not supported')
  }
  return isAccessAllowed(this.authInfo, {
    role,
    permission
  })
}