add content permission
This commit is contained in:
parent
0e2698569a
commit
6e3e2426c8
|
|
@ -0,0 +1,59 @@
|
|||
import Koa from 'koa';
|
||||
import { UserState } from '../login';
|
||||
import { sendError } from '../route/error_handler';
|
||||
|
||||
|
||||
export enum Permission{
|
||||
//========
|
||||
//not implemented
|
||||
//admin only
|
||||
/** remove document */
|
||||
//removeContent = 'removeContent',
|
||||
|
||||
/** upload document */
|
||||
//uploadContent = 'uploadContent',
|
||||
|
||||
/** modify document except base path, filename, content_hash. but admin can modify all. */
|
||||
//modifyContent = 'modifyContent',
|
||||
|
||||
/** add tag into document */
|
||||
//addTagContent = 'addTagContent',
|
||||
/** remove tag from document */
|
||||
//removeTagContent = 'removeTagContent',
|
||||
/** ModifyTagInDoc */
|
||||
ModifyTag = 'ModifyTag',
|
||||
|
||||
/** find documents with query */
|
||||
//findAllContent = 'findAllContent',
|
||||
/** find one document. */
|
||||
//findOneContent = 'findOneContent',
|
||||
/** view content*/
|
||||
//viewContent = 'viewContent',
|
||||
QueryContent = 'QueryContent',
|
||||
|
||||
/** modify description about the one tag. */
|
||||
modifyTagDesc = 'ModifyTagDesc',
|
||||
}
|
||||
|
||||
export const createPermissionCheckMiddleware = (...permissions:string[]) => async (ctx: Koa.ParameterizedContext<UserState>,next:Koa.Next)=>{
|
||||
const user = ctx.state['user'];
|
||||
if(user === undefined){
|
||||
return sendError(401,"you are guest. login needed.");
|
||||
}
|
||||
if(user.username === "admin"){
|
||||
return await next();
|
||||
}
|
||||
const user_permission = user.permission;
|
||||
//if permissions is not subset of user permission
|
||||
if(!permissions.map(p=>user_permission.includes(p)).every(x=>x)){
|
||||
return sendError(403,"do not have permission");
|
||||
}
|
||||
await next();
|
||||
}
|
||||
export const AdminOnlyMiddleware = async (ctx: Koa.ParameterizedContext<UserState>,next:Koa.Next)=>{
|
||||
const user = ctx.state['user'];
|
||||
if(user === undefined || user.username !== "admin"){
|
||||
return sendError(403,"admin only");
|
||||
}
|
||||
await next();
|
||||
}
|
||||
|
|
@ -7,6 +7,7 @@ import {sendError} from './error_handler';
|
|||
import { createContentReferrer } from '../content/mod';
|
||||
import { join } from 'path';
|
||||
import {AllContentRouter} from './all';
|
||||
import {createPermissionCheckMiddleware as PerCheck, Permission as Per, AdminOnlyMiddleware as AdminOnly} from '../permission/permission';
|
||||
|
||||
const ContentIDHandler = (controller: ContentAccessor) => async (ctx: Context,next: Next)=>{
|
||||
const num = Number.parseInt(ctx.params['num']);
|
||||
|
|
@ -128,17 +129,17 @@ const ContentHandler = (controller : ContentAccessor) => async (ctx:Context, nex
|
|||
|
||||
export const getContentRouter = (controller: ContentAccessor)=>{
|
||||
const ret = new Router();
|
||||
ret.get("/search",ContentQueryHandler(controller));
|
||||
ret.get("/:num(\\d+)",ContentIDHandler(controller));
|
||||
ret.post("/:num(\\d+)",UpdateContentHandler(controller));
|
||||
ret.get("/search",PerCheck(Per.QueryContent),ContentQueryHandler(controller));
|
||||
ret.get("/:num(\\d+)",PerCheck(Per.QueryContent),ContentIDHandler(controller));
|
||||
ret.post("/:num(\\d+)",AdminOnly,UpdateContentHandler(controller));
|
||||
//ret.use("/:num(\\d+)/:content_type");
|
||||
ret.post("/",CreateContentHandler(controller));
|
||||
ret.get("/:num(\\d+)/tags",ContentTagIDHandler(controller));
|
||||
ret.post("/:num(\\d+)/tags/:tag",AddTagHandler(controller));
|
||||
ret.del("/:num(\\d+)/tags/:tag",DelTagHandler(controller));
|
||||
ret.del("/:num(\\d+)",DeleteContentHandler(controller));
|
||||
ret.all("/:num(\\d+)/(.*)",ContentHandler(controller));
|
||||
ret.use("/:num",(new AllContentRouter).routes());
|
||||
ret.post("/",AdminOnly,CreateContentHandler(controller));
|
||||
ret.get("/:num(\\d+)/tags",PerCheck(Per.QueryContent),ContentTagIDHandler(controller));
|
||||
ret.post("/:num(\\d+)/tags/:tag",PerCheck(Per.ModifyTag),AddTagHandler(controller));
|
||||
ret.del("/:num(\\d+)/tags/:tag",PerCheck(Per.ModifyTag),DelTagHandler(controller));
|
||||
ret.del("/:num(\\d+)",AdminOnly,DeleteContentHandler(controller));
|
||||
ret.all("/:num(\\d+)/(.*)",PerCheck(Per.QueryContent),ContentHandler(controller));
|
||||
ret.use("/:num",PerCheck(Per.QueryContent),(new AllContentRouter).routes());
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue