more user role stuff

Milo Schwartz 2024-11-09 23:59:19 -05:00
parent bb17d30c9e
commit 231e1d2e2d
32 changed files with 897 additions and 138 deletions


@ -12,7 +12,6 @@ export async function verifyAdmin(
) {
const userId = req.user?.userId;
const orgId = req.userOrgId;
let userOrg = req.userOrg;
if (!userId) {
return next(
@ -26,16 +25,16 @@ export async function verifyAdmin(
);
}
if (!userOrg) {
if (!req.userOrg) {
const userOrgRes = await db
.select()
.from(userOrgs)
.where(and(eq(userOrgs.userId, userId), eq(userOrgs.orgId, orgId!)))
.limit(1);
userOrg = userOrgRes[0];
req.userOrg = userOrgRes[0];
}
if (!userOrg) {
if (!req.userOrg) {
return next(
createHttpError(
HttpCode.FORBIDDEN,
@ -47,7 +46,7 @@ export async function verifyAdmin(
const userRole = await db
.select()
.from(roles)
.where(eq(roles.roleId, userOrg.roleId))
.where(eq(roles.roleId, req.userOrg.roleId))
.limit(1);
if (userRole.length === 0 || !userRole[0].isAdmin) {
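Review bot: The cached `req.userOrg` is reused without checking that it belongs to the org being authorized; here `orgId` is `req.userOrgId`, so both are presumably set together by a preceding middleware, but the same cache-then-trust shape in verifyOrgAccess, verifyResourceAccess, verifySiteAccess, verifyTargetAccess and verifyUserIsOrgOwner compares nothing either, while each derives its org from a different source (`req.params.orgId`, `resource[0].orgId`, `site[0].orgId`). If a route chains two of those and the sources disagree, a membership row fetched for one org is accepted as membership in another and `req.userOrgRoleId` is then set from it. Guard the cache with the org in question and re-query on mismatch, e.g. in verifyOrgAccess `if (!req.userOrg || req.userOrg.orgId !== orgId) {`; verifyRoleAccess already adds the equivalent `req.userOrg.orgId !== role[0].orgId` check and the others should follow it. verifyAdmin's body starts and ends outside the hunk.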


@ -12,7 +12,6 @@ export async function verifyOrgAccess(
) {
const userId = req.user!.userId;
const orgId = req.params.orgId;
let userOrg = req.userOrg;
if (!userId) {
return next(
@ -27,17 +26,17 @@ export async function verifyOrgAccess(
}
try {
if (!userOrg) {
if (!req.userOrg) {
const userOrgRes = await db
.select()
.from(userOrgs)
.where(
and(eq(userOrgs.userId, userId), eq(userOrgs.orgId, orgId))
);
userOrg = userOrgRes[0];
req.userOrg = userOrgRes[0];
}
if (!userOrg) {
if (!req.userOrg) {
next(
createHttpError(
HttpCode.FORBIDDEN,
@ -46,7 +45,7 @@ export async function verifyOrgAccess(
);
} else {
// User has access, attach the user's role to the request for potential future use
req.userOrgRoleId = userOrg.roleId;
req.userOrgRoleId = req.userOrg.roleId;
req.userOrgId = orgId;
return next();
}


@ -18,7 +18,6 @@ export async function verifyResourceAccess(
const userId = req.user!.userId;
const resourceId =
req.params.resourceId || req.body.resourceId || req.query.resourceId;
let userOrg = req.userOrg;
if (!userId) {
return next(
@ -51,7 +50,7 @@ export async function verifyResourceAccess(
);
}
if (!userOrg) {
if (!req.userOrg) {
const userOrgRole = await db
.select()
.from(userOrgs)
@ -62,10 +61,10 @@ export async function verifyResourceAccess(
)
)
.limit(1);
userOrg = userOrgRole[0];
req.userOrg = userOrgRole[0];
}
if (!userOrg) {
if (!req.userOrg) {
return next(
createHttpError(
HttpCode.FORBIDDEN,
@ -74,7 +73,7 @@ export async function verifyResourceAccess(
);
}
const userOrgRoleId = userOrg.roleId;
const userOrgRoleId = req.userOrg.roleId;
req.userOrgRoleId = userOrgRoleId;
req.userOrgId = resource[0].orgId;


@ -15,7 +15,6 @@ export async function verifyRoleAccess(
const roleId = parseInt(
req.params.roleId || req.body.roleId || req.query.roleId
);
let userOrg = req.userOrg;
if (!userId) {
return next(
@ -43,7 +42,7 @@ export async function verifyRoleAccess(
);
}
if (!userOrg) {
if (!req.userOrg) {
const userOrgRole = await db
.select()
.from(userOrgs)
@ -54,10 +53,10 @@ export async function verifyRoleAccess(
)
)
.limit(1);
userOrg = userOrgRole[0];
req.userOrg = userOrgRole[0];
}
if (!userOrg) {
if (!req.userOrg) {
return next(
createHttpError(
HttpCode.FORBIDDEN,
@ -66,8 +65,17 @@ export async function verifyRoleAccess(
);
}
req.userOrgRoleId = userOrg.roleId;
req.userOrgId = userOrg.orgId;
if (req.userOrg.orgId !== role[0].orgId) {
return next(
createHttpError(
HttpCode.FORBIDDEN,
"Role does not belong to the organization"
)
);
}
req.userOrgRoleId = req.userOrg.roleId;
req.userOrgId = req.userOrg.orgId;
return next();
} catch (error) {


@ -57,19 +57,22 @@ export async function verifySiteAccess(
);
}
// Get user's role ID in the organization
const userOrgRole = await db
.select()
.from(userOrgs)
.where(
and(
eq(userOrgs.userId, userId),
eq(userOrgs.orgId, site[0].orgId)
if (!req.userOrg) {
// Get user's role ID in the organization
const userOrgRole = await db
.select()
.from(userOrgs)
.where(
and(
eq(userOrgs.userId, userId),
eq(userOrgs.orgId, site[0].orgId)
)
)
)
.limit(1);
.limit(1);
req.userOrg = userOrgRole[0];
}
if (userOrgRole.length === 0) {
if (!req.userOrg) {
return next(
createHttpError(
HttpCode.FORBIDDEN,
@ -78,7 +81,7 @@ export async function verifySiteAccess(
);
}
const userOrgRoleId = userOrgRole[0].roleId;
const userOrgRoleId = req.userOrg.roleId;
req.userOrgRoleId = userOrgRoleId;
req.userOrgId = site[0].orgId;


@ -12,7 +12,6 @@ export async function verifyTargetAccess(
) {
const userId = req.user!.userId;
const targetId = parseInt(req.params.targetId);
let userOrg = req.userOrg;
if (!userId) {
return next(
@ -36,7 +35,7 @@ export async function verifyTargetAccess(
return next(
createHttpError(
HttpCode.NOT_FOUND,
`target with ID ${targetId} not found`
`Target with ID ${targetId} not found`
)
);
}
@ -47,7 +46,7 @@ export async function verifyTargetAccess(
return next(
createHttpError(
HttpCode.INTERNAL_SERVER_ERROR,
`target with ID ${targetId} does not have a resource ID`
`Target with ID ${targetId} does not have a resource ID`
)
);
}
@ -77,7 +76,7 @@ export async function verifyTargetAccess(
);
}
if (!userOrg) {
if (!req.userOrg) {
const res = await db
.select()
.from(userOrgs)
@ -87,10 +86,10 @@ export async function verifyTargetAccess(
eq(userOrgs.orgId, resource[0].orgId)
)
);
userOrg = res[0];
req.userOrg = res[0];
}
if (!userOrg) {
if (!req.userOrg) {
next(
createHttpError(
HttpCode.FORBIDDEN,
@ -98,7 +97,7 @@ export async function verifyTargetAccess(
)
);
} else {
req.userOrgRoleId = userOrg.roleId;
req.userOrgRoleId = req.userOrg.roleId;
req.userOrgId = resource[0].orgId!;
next();
}


@ -13,8 +13,6 @@ export async function verifyUserAccess(
const userId = req.user!.userId;
const reqUserId = req.params.userId || req.body.userId || req.query.userId;
let userOrg = req.userOrg;
if (!userId) {
return next(
createHttpError(HttpCode.UNAUTHORIZED, "User not authenticated")
@ -26,7 +24,7 @@ export async function verifyUserAccess(
}
try {
if (!userOrg) {
if (!req.userOrg) {
const res = await db
.select()
.from(userOrgs)
@ -37,10 +35,10 @@ export async function verifyUserAccess(
)
)
.limit(1);
userOrg = res[0];
req.userOrg = res[0];
}
if (userOrg) {
if (req.userOrg) {
return next(
createHttpError(
HttpCode.FORBIDDEN,
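Review bot: Writing the lookup result into `req.userOrg` at `req.userOrg = res[0];` is only safe if that query is keyed on the caller's `userId`; its where clause begins outside the hunk, and because a found row is then treated as grounds for FORBIDDEN, it looks as though the row describes `reqUserId` rather than the caller. If that is the case, the target user's membership now lives in `req.userOrg` and any later middleware or handler reading `req.userOrg.roleId` acts on the wrong user; conversely, a `req.userOrg` already populated for the caller makes the `if (req.userOrg)` branch reject unconditionally. If the row is about `reqUserId`, keep it local, `const targetUserOrg = res[0];`, and test that instead of the shared field. The enclosing try block and the function end outside the hunk.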


@ -12,7 +12,6 @@ export async function verifyUserIsOrgOwner(
) {
const userId = req.user!.userId;
const orgId = req.params.orgId;
let userOrg = req.userOrg;
if (!userId) {
return next(
@ -30,17 +29,17 @@ export async function verifyUserIsOrgOwner(
}
try {
if (!userOrg) {
if (!req.userOrg) {
const res = await db
.select()
.from(userOrgs)
.where(
and(eq(userOrgs.userId, userId), eq(userOrgs.orgId, orgId))
);
userOrg = res[0];
req.userOrg = res[0];
}
if (!userOrg) {
if (!req.userOrg) {
return next(
createHttpError(
HttpCode.FORBIDDEN,
@ -49,7 +48,7 @@ export async function verifyUserIsOrgOwner(
);
}
if (!userOrg.isOwner) {
if (!req.userOrg.isOwner) {
return next(
createHttpError(
HttpCode.FORBIDDEN,