ionian/src/permission/permission.ts

import Koa from 'koa';
import { UserState } from '../login';
import { sendError } from '../route/error_handler';


export enum Permission{
    //========
    //not implemented
    //admin only
    /** remove document */
    //removeContent = 'removeContent',

    /** upload document */
    //uploadContent = 'uploadContent',

    /** modify document except base path, filename, content_hash. but admin can modify all. */
    //modifyContent = 'modifyContent',
    
    /** add tag into document */
    //addTagContent = 'addTagContent',
    /** remove tag from document */
    //removeTagContent = 'removeTagContent',
    /** ModifyTagInDoc */
    ModifyTag = 'ModifyTag',

    /** find documents with query */
    //findAllContent = 'findAllContent',
    /** find one document. */
    //findOneContent = 'findOneContent',
    /** view content*/
    //viewContent = 'viewContent',
    QueryContent = 'QueryContent',
    
    /** modify description about the one tag. */
    modifyTagDesc = 'ModifyTagDesc',
}

export const createPermissionCheckMiddleware = (...permissions:string[]) => async (ctx: Koa.ParameterizedContext<UserState>,next:Koa.Next)=>{
    const user = ctx.state['user'];
    if(user === undefined){
        return sendError(401,"you are guest. login needed.");
    }
    if(user.username === "admin"){
        return await next();    
    }
    const user_permission = user.permission;
    //if permissions is not subset of user permission
    if(!permissions.map(p=>user_permission.includes(p)).every(x=>x)){
        return sendError(403,"do not have permission");
    }
    await next();
}
export const AdminOnlyMiddleware = async (ctx: Koa.ParameterizedContext<UserState>,next:Koa.Next)=>{
    const user = ctx.state['user'];
    if(user === undefined || user.username !== "admin"){
        return sendError(403,"admin only");
    }
    await next();    
}
add content permission 2021-01-10 18:29:49 +09:00			`import Koa from 'koa';`
			`import { UserState } from '../login';`
			`import { sendError } from '../route/error_handler';`


			`export enum Permission{`
			`//========`
			`//not implemented`
			`//admin only`
			`/** remove document */`
			`//removeContent = 'removeContent',`

			`/** upload document */`
			`//uploadContent = 'uploadContent',`

			`/** modify document except base path, filename, content_hash. but admin can modify all. */`
			`//modifyContent = 'modifyContent',`

			`/** add tag into document */`
			`//addTagContent = 'addTagContent',`
			`/** remove tag from document */`
			`//removeTagContent = 'removeTagContent',`
			`/** ModifyTagInDoc */`
			`ModifyTag = 'ModifyTag',`

			`/** find documents with query */`
			`//findAllContent = 'findAllContent',`
			`/** find one document. */`
			`//findOneContent = 'findOneContent',`
			`/** view content*/`
			`//viewContent = 'viewContent',`
			`QueryContent = 'QueryContent',`

			`/** modify description about the one tag. */`
			`modifyTagDesc = 'ModifyTagDesc',`
			`}`

			`export const createPermissionCheckMiddleware = (...permissions:string[]) => async (ctx: Koa.ParameterizedContext<UserState>,next:Koa.Next)=>{`
			`const user = ctx.state['user'];`
			`if(user === undefined){`
			`return sendError(401,"you are guest. login needed.");`
			`}`
			`if(user.username === "admin"){`
			`return await next();`
			`}`
			`const user_permission = user.permission;`
			`//if permissions is not subset of user permission`
			`if(!permissions.map(p=>user_permission.includes(p)).every(x=>x)){`
			`return sendError(403,"do not have permission");`
			`}`
			`await next();`
			`}`
			`export const AdminOnlyMiddleware = async (ctx: Koa.ParameterizedContext<UserState>,next:Koa.Next)=>{`
			`const user = ctx.state['user'];`
			`if(user === undefined \|\| user.username !== "admin"){`
			`return sendError(403,"admin only");`
			`}`
			`await next();`
			`}`