From 60d79390c3e3f4ab43a8fcf6707d19034f922d0d Mon Sep 17 00:00:00 2001
From: Florian Boulant
Date: Mon, 28 Oct 2019 22:53:15 +0100
Subject: [PATCH 1/2] Early permissions check support
---
 models/user.js | 11 +++++++++--
 src/permissions.js | 20 ++++++++++++++++++++
 2 files changed, 29 insertions(+), 2 deletions(-)
 create mode 100644 src/permissions.js
diff --git a/models/user.js b/models/user.js
index c1002af..a027653 100644
--- a/models/user.js
+++ b/models/user.js
@@ -3,7 +3,13 @@ const Schema = mongoose.Schema;
 const USER_ROLE = {
 CLIENT: "client",
- AGENT: "agent"
+ AGENT: "agent",
+};
+
+const USER_PERMISSIONS = {
+ NOBODY: 0,
+ [USER_ROLE.CLIENT]: 1,
+ [USER_ROLE.AGENT]: 2,
 };
 const userSchema = new Schema({
@@ -34,6 +40,7 @@ const userSchema = new Schema({
 const User = mongoose.model("User", userSchema);
 module.exports = {
- USER_ROLE: USER_ROLE,
+ USER_ROLE,
+ USER_PERMISSIONS,
 User: User,
 };
\ No newline at end of file
diff --git a/src/permissions.js b/src/permissions.js
new file mode 100644
index 0000000..dfac008
--- /dev/null
+++ b/src/permissions.js
@@ -0,0 +1,20 @@
+const USER_PERMISSIONS = require("../models/user").USER_PERMISSIONS;
+
+function check_permissions(onAuthorized, requiredPermissionLevel, check_equality = false) {
+ return function (req, res, next) {
+ const requestEmitterPermissionLevel = USER_PERMISSIONS[req.user && req.user.role || "NOBODY"];
+
+ //User doesn't have required permissions to access this route
+ if (check_equality && requestEmitterPermissionLevel !== requiredPermissionLevel || !check_equality && requestEmitterPermissionLevel < requiredPermissionLevel) {
+ req.flash("info", "Vous n'avez pas les autorisations requises pour accéder à cette ressource");
+ res.redirect("/");
+ }
+ else {
+ onAuthorized(req, res, next);
+ }
+ };
+}
+
+module.exports = {
+ check_permissions,
+}
\ No newline at end of file
-- 
GitLab
From 1a6a75479ea1be5c13e403b3ff986cd93181d679 Mon Sep 17 00:00:00 2001
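Review bot: `USER_PERMISSIONS` in models/user.js is exported as a plain mutable object, and nothing says what its numbers mean. src/permissions.js compares the levels with `<`, so their numeric order is the privilege order; a comment such as `// Ordered privilege levels: a higher number means more privilege; compared numerically by check_permissions` would record that. Wrapping the literal in `Object.freeze({ ... })` would keep any other module that requires the table from changing a level at runtime.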
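Review bot: The permission lookup in `check_permissions` (src/permissions.js) fails open whenever it does not yield a number. `USER_PERMISSIONS[req.user.role]` is `undefined` for a role string that is not a key of the table, and a non-number for inherited keys such as `constructor`; `undefined < requiredPermissionLevel` is false, so with `check_equality` false the deny branch is skipped and `onAuthorized` runs. Whether a stored role can hold such a value depends on the schema, which is outside this hunk, but the guard should not rely on it: `const role = req.user && req.user.role;` followed by `const level = Object.prototype.hasOwnProperty.call(USER_PERMISSIONS, role) ? USER_PERMISSIONS[role] : USER_PERMISSIONS.NOBODY;`. PATCH 2/2 rewrites the same `if` line and keeps this comparison.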
From: Florian Boulant
Date: Mon, 28 Oct 2019 23:44:50 +0100
Subject: [PATCH 2/2] Fix check_permissions function Place callback as last parameter And checkEquality is now required
---
 src/permissions.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/permissions.js b/src/permissions.js
index dfac008..3eec10e 100644
--- a/src/permissions.js
+++ b/src/permissions.js
@@ -1,11 +1,11 @@
 const USER_PERMISSIONS = require("../models/user").USER_PERMISSIONS;
-function check_permissions(onAuthorized, requiredPermissionLevel, check_equality = false) {
+function check_permissions(requiredPermissionLevel, checkEquality, onAuthorized) {
 return function (req, res, next) {
 const requestEmitterPermissionLevel = USER_PERMISSIONS[req.user && req.user.role || "NOBODY"];
 //User doesn't have required permissions to access this route
- if (check_equality && requestEmitterPermissionLevel !== requiredPermissionLevel || !check_equality && requestEmitterPermissionLevel < requiredPermissionLevel) {
+ if (checkEquality && requestEmitterPermissionLevel !== requiredPermissionLevel || !checkEquality && requestEmitterPermissionLevel < requiredPermissionLevel) {
 req.flash("info", "Vous n'avez pas les autorisations requises pour accéder à cette ressource");
 res.redirect("/");
 }
@@ -17,4 +17,4 @@ function check_permissions(onAuthorized, requiredPermissionLevel, check_equality
 module.exports = {
 check_permissions,
-}
\ No newline at end of file
+};
\ No newline at end of file
-- 
GitLab
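Review bot: Nothing in the new signature `check_permissions(requiredPermissionLevel, checkEquality, onAuthorized)` enforces the arguments that the commit message calls required. If `requiredPermissionLevel` arrives as `undefined` (for example from a mistyped table key) and `checkEquality` is false, `requestEmitterPermissionLevel < undefined` is false for every request, so the route is served to everyone, including requests with no `req.user`. A check placed before `return function`, which runs once when the route is registered, would turn that misconfiguration into a startup error: `if (typeof requiredPermissionLevel !== "number" || typeof checkEquality !== "boolean" || typeof onAuthorized !== "function") throw new TypeError("check_permissions: invalid arguments");`. The function body continues past the end of the first hunk.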