chamomind/jws-backend
chamomind/jws-backend
7
0
Fork 0
Code Issues Projects 1 Releases Packages 1 Wiki Activity Actions

fix: cannot set role as expected

Browse source
This commit is contained in:
Methapon Metanipat 2024-09-04 16:19:07 +07:00
parent 4de3c2409f
commit 859b733245
1 changed files with 15 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

33
src/controllers/user-controller.ts
View file

@ -36,6 +36,9 @@ if (!process.env.MINIO_BUCKET) {
const MINIO_BUCKET = process.env.MINIO_BUCKET; const MINIO_BUCKET = process.env.MINIO_BUCKET;
const MANAGE_ROLES = ["system", "head_of_admin", "admin", "branch_manager"]; const MANAGE_ROLES = ["system", "head_of_admin", "admin", "branch_manager"];
function isSystem(user: RequestWithUser["user"]) {
return user.roles.includes("system");
}
function globalAllow(user: RequestWithUser["user"]) { function globalAllow(user: RequestWithUser["user"]) {
const listAllowed = ["system", "head_of_admin"]; const listAllowed = ["system", "head_of_admin"];
return user.roles?.some((v) => listAllowed.includes(v)) || false; return user.roles?.some((v) => listAllowed.includes(v)) || false;
@ -346,21 +349,18 @@ export class UserController extends Controller {
throw new HttpError(HttpStatus.BAD_REQUEST, "User exists.", "userExists"); throw new HttpError(HttpStatus.BAD_REQUEST, "User exists.", "userExists");
} }
const roleSetIndex = MANAGE_ROLES.findIndex((v) => v === body.userRole); const setRoleIndex = MANAGE_ROLES.findIndex((v) => v === body.userRole);
const userRoleIndex = MANAGE_ROLES.reduce(
(a, c, i) => (req.user.roles?.includes(c) ? i : a),
-1,
);
const THROW_PERM_MSG = "You do not have permission to perform this action."; const THROW_PERM_MSG = "You do not have permission to perform this action.";
const THROW_PERM_CODE = "noPermission"; const THROW_PERM_CODE = "noPermission";
if (roleSetIndex !== -1 && roleSetIndex < 1) { if (setRoleIndex < userRoleIndex) {
throw new HttpError(HttpStatus.FORBIDDEN, THROW_PERM_MSG, THROW_PERM_CODE); throw new HttpError(HttpStatus.FORBIDDEN, THROW_PERM_MSG, THROW_PERM_CODE);
} }
if (roleSetIndex !== -1 && roleSetIndex < 2 && !req.user.roles?.includes("head_of_admin")) {
throw new HttpError(HttpStatus.FORBIDDEN, THROW_PERM_MSG, THROW_PERM_CODE);
}
if (roleSetIndex !== -1 && roleSetIndex < 3 && !req.user.roles?.includes("admin")) {
throw new HttpError(HttpStatus.FORBIDDEN, THROW_PERM_MSG, THROW_PERM_CODE);
}
if (!globalAllow(req.user)) { if (!globalAllow(req.user)) {
if (branch.some((v) => !v.user.find((v) => v.userId === req.user.sub))) { if (branch.some((v) => !v.user.find((v) => v.userId === req.user.sub))) {
throw new HttpError(HttpStatus.FORBIDDEN, THROW_PERM_MSG, THROW_PERM_CODE); throw new HttpError(HttpStatus.FORBIDDEN, THROW_PERM_MSG, THROW_PERM_CODE);
@ -506,21 +506,18 @@ export class UserController extends Controller {
"minimumBranchNotMet", "minimumBranchNotMet",
); );
} }
const roleSetIndex = MANAGE_ROLES.findIndex((v) => v === body.userRole); const setRoleIndex = MANAGE_ROLES.findIndex((v) => v === body.userRole);
const userRoleIndex = MANAGE_ROLES.reduce(
(a, c, i) => (req.user.roles?.includes(c) ? i : a),
-1,
);
const THROW_PERM_MSG = "You do not have permission to perform this action."; const THROW_PERM_MSG = "You do not have permission to perform this action.";
const THROW_PERM_CODE = "noPermission"; const THROW_PERM_CODE = "noPermission";
if (roleSetIndex !== -1 && roleSetIndex < 1) { if (setRoleIndex < userRoleIndex) {
throw new HttpError(HttpStatus.FORBIDDEN, THROW_PERM_MSG, THROW_PERM_CODE); throw new HttpError(HttpStatus.FORBIDDEN, THROW_PERM_MSG, THROW_PERM_CODE);
} }
if (roleSetIndex !== -1 && roleSetIndex < 2 && !req.user.roles?.includes("head_of_admin")) {
throw new HttpError(HttpStatus.FORBIDDEN, THROW_PERM_MSG, THROW_PERM_CODE);
}
if (roleSetIndex !== -1 && roleSetIndex < 3 && !req.user.roles?.includes("admin")) {
throw new HttpError(HttpStatus.FORBIDDEN, THROW_PERM_MSG, THROW_PERM_CODE);
}
if (!globalAllow(req.user)) { if (!globalAllow(req.user)) {
if (branch.some((v) => !v.user.find((v) => v.userId === req.user.sub))) { if (branch.some((v) => !v.user.find((v) => v.userId === req.user.sub))) {
throw new HttpError(HttpStatus.FORBIDDEN, THROW_PERM_MSG, THROW_PERM_CODE); throw new HttpError(HttpStatus.FORBIDDEN, THROW_PERM_MSG, THROW_PERM_CODE);