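import { AccountTypeEnum } from '@src/accounts/account.components';
import { newError } from '@seed/helpers/Error';

/**
 * Decide whether `account` may perform the action `type` on `ressource`.
 *
 * Checks run in this order:
 *  1. An account whose `types` contain `AccountTypeEnum.admin` is allowed immediately.
 *  2. Organisation isolation: when both the resource and the account carry
 *     organisation data, the account must belong to the resource's organisation
 *     unless the resource's `r` list contains `AccountTypeEnum.public`.
 *  3. Resource-level list: `ressource[type]` must contain the public principal,
 *     the account id, or one of the account types.
 *
 * @param ressource - Object carrying the optional permission lists `c`/`r`/`w`/`d`
 *   and an optional `organisationId`.
 * @param account - The caller, or `null` for an anonymous caller (public principal only).
 * @param type - Key of the permission list to evaluate on the resource.
 * @returns `true` when access is granted; denial is always signalled by throwing.
 * @throws The error built by `newError(2100, …)` when the organisation check fails,
 *   or by `newError(2000, …)` when no principal matches the resource list.
 */
export const checkPermissions = (ressource: any, account: any | null, type: 'c' | 'r' | 'w' | 'd'): boolean => {
  // Every caller, authenticated or not, holds the public principal.
  let perm: any[] = [AccountTypeEnum.public];

  if (account && account.types) {
    // Admin short-circuits every other check.
    if (account.types.includes(AccountTypeEnum.admin)) return true;

    // A missing `r` list is treated as "not public" so the organisation check
    // fails closed with the 2100 error instead of crashing on `undefined.includes`.
    // NOTE(review): this check is skipped when `account.organisationIds` or
    // `ressource.organisationId` is absent, and the exemption is keyed on the
    // read list `r` whatever `type` was requested — confirm both are intended.
    const publiclyReadable = Boolean(ressource.r && ressource.r.includes(AccountTypeEnum.public));
    if (
      ressource.organisationId &&
      account.organisationIds &&
      !account.organisationIds.includes(ressource.organisationId) &&
      !publiclyReadable
    )
      throw newError(2100, { allowed: ressource.organisationId, you: account.organisationIds });

    // Principals of an authenticated caller: its id plus each of its types.
    perm.push(account._id);
    perm = perm.concat(account.types);
  }

  const permissions = ressource[type];

  // NOTE(review): a resource without a list for `type` is open to every caller,
  // anonymous included (fail-open). Kept as-is because callers may rely on it.
  if (!permissions) return true;

  const hasPerm = perm.some((principal) => permissions.includes(principal));

  // NOTE(review): the whole `account` object is placed in the error payload;
  // verify that newError does not serialise it into a client-visible response.
  if (!hasPerm) throw newError(2000, { allowed: permissions, you: account });

  return true;
};

/**
 * Check that `organisationId` designates the organisation owning `ressource`,
 * or is the id of `ressource` itself.
 *
 * @param ressource - Object exposing `organisationId` and/or `_id`.
 * @param organisationId - Organisation id presented by the caller.
 * @returns `true` on a match.
 * @throws The error built by `newError(2000, …)` when neither field matches.
 */
export const checkOrganisationPermissions = (ressource: any, organisationId: string): boolean => {
  // Loose equality is kept from the original, presumably so an id object compares
  // equal to its string form — TODO confirm.
  // NOTE(review): with `==`, a null/undefined `organisationId` matches a resource
  // whose `organisationId` or `_id` is also null/undefined; callers should
  // guarantee a defined id before calling.
  if (organisationId == ressource.organisationId || organisationId == ressource._id) return true;

  throw newError(2000, { allowedOrgId: ressource.organisationId, youOrgId: organisationId });
};

/**
 * Append `ids` to each of the listed permission lists of `ressource`, in place.
 *
 * A list that does not exist yet is created, so granting on a fresh resource no
 * longer throws. Existing entries are kept and duplicates are not removed.
 *
 * @param ressource - Object whose `r`/`w`/`d` lists are extended.
 * @param type - Permission lists to extend.
 * @param ids - Principals (account ids or type names) to grant.
 */
export const addPermissions = (ressource: any, type: ('r' | 'w' | 'd')[], ids: (string | string)[]): void => {
  for (const t of type) {
    const current = ressource[t] == null ? [] : ressource[t];
    ressource[t] = current.concat(ids);
  }
};

/**
 * Restrict a query filter to the documents `account` is allowed to touch.
 *
 * Appends `{ <list>: { $in: principals } }` to `params.$and`, where `<list>` is
 * `r` for 'get' (and any unrecognised value), `w` for 'update' and `d` for 'delete'.
 * `params` is mutated and returned. Admin accounts get `params` back unfiltered.
 *
 * @param account - The caller, or `null` for an anonymous caller.
 * @param query - Kind of operation the filter will be used for.
 * @param params - Filter object to extend.
 * @returns The same `params` object.
 */
export const addPermissionToQuery = (account: any | null, query: 'get' | 'update' | 'delete', params: any): any => {
  // NOTE(review): the literal 'public' is used here while checkPermissions uses
  // AccountTypeEnum.public — confirm both denote the same value.
  let types: any[] = ['public'];

  if (account && account.types) {
    // Admin: no permission filter is added.
    if (account.types.includes(AccountTypeEnum.admin)) return params;

    // No organisation filter is applied here (it is commented out in the original):
    // if (account.organisationIds) {
    //   params.organisationId = { $in: account.organisationIds };
    // }

    types.push(account._id);
    types = types.concat(account.types);
  }

  if (!params.$and) params.$and = [];

  // Anything that is not 'update' or 'delete' falls back to the read list.
  const list = query === 'update' ? 'w' : query === 'delete' ? 'd' : 'r';
  params.$and.push({ [list]: { $in: types } });

  return params;
};

/**
 * Restrict a query filter to the caller's organisations and permitted documents.
 *
 * For a non-admin account with `organisationIds`, sets
 * `params.organisationId = { $in: organisationIds }` on the object passed in.
 * The permission clause is then added as `$or` on a shallow copy, which is
 * returned. Admin accounts get the original `params` back unfiltered.
 *
 * @param account - The caller, or `null` for an anonymous caller.
 * @param query - Kind of operation the filter will be used for.
 * @param params - Filter object to restrict.
 * @returns The original `params` for admins, otherwise a shallow copy with `$or` set.
 */
export const addOrganisationToQuery = (account: any | null, query: 'get' | 'update' | 'delete', params: any): any => {
  let types: any[] = ['public'];

  if (account && account.types) {
    // Admin: no filter is added.
    if (account.types.includes(AccountTypeEnum.admin)) return params;

    // Overwrites any caller-supplied `organisationId` with the account's own set.
    // NOTE(review): an account without `organisationIds` gets no organisation
    // filter at all — confirm that is intended.
    if (account.organisationIds) {
      params.organisationId = { $in: account.organisationIds };
    }

    types.push(account._id);
    types = types.concat(account.types);
  }

  // Anything that is not 'update' or 'delete' falls back to the read list.
  const list = query === 'update' ? 'w' : query === 'delete' ? 'd' : 'r';

  // NOTE(review): a `$or` already present in `params` is replaced, not merged,
  // so a caller-supplied `$or` clause is dropped from the final filter.
  params = { ...params, $or: [{ [list]: { $in: types } }] };

  return params;
};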