WorkInFlex/backend
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
backend/lib/seed/graphql/AccessService.ts
Valdior d8446080cc init commit
2025-05-14 21:45:16 +02:00

151 lines
4.2 KiB
TypeScript
Raw Permalink Blame History

import { AccountTypeEnum } from '@src/accounts/account.components';
import { newError } from '@seed/helpers/Error';
export const checkPermissions = (ressource: any, account: any | null, type: 'c' | 'r' | 'w' | 'd'): boolean => {
// Adding the public by default
let perm: any[] = [AccountTypeEnum.public];
if (account && account.types) {
/*
* Verify if admin
*/
if (account.types.includes(AccountTypeEnum.admin)) return true;
/*
* Verify if organisation type of access
*/
if (
ressource.organisationId &&
account.organisationIds &&
!account.organisationIds.includes(ressource.organisationId) &&
!ressource.r.includes(AccountTypeEnum.public)
)
throw newError(2100, { allowed: ressource.organisationId, you: account.organisationIds });
/*
* Add the account id and type
*/
perm.push(account._id);
perm = perm.concat(account.types);
}
/*
* Verify on the ressource level
*/
const permissions = ressource[type];
// if there is no permission on the ressource, return true
if (!permissions) return true;
let hasPerm = false;
// Verifying if it matches
for (let index = 0; index < perm.length; index++) {
const element = perm[index];
if (permissions.includes(element)) {
hasPerm = true;
break;
}
}
if (!hasPerm) throw newError(2000, { allowed: permissions, you: account });
return true;
};
export const checkOrganisationPermissions = (ressource: any, organisationId: string): boolean => {
if (organisationId == ressource.organisationId || organisationId == ressource._id) return true;
throw newError(2000, { allowedOrgId: ressource.organisationId, youOrgId: organisationId });
};
export const addPermissions = (ressource: any, type: ('r' | 'w' | 'd')[], ids: (string | string)[]): void => {
for (let index = 0; index < type.length; index++) {
const t = type[index];
ressource[t] = ressource[t].concat(ids);
}
};
export const addPermissionToQuery = (account: any | null, query: 'get' | 'update' | 'delete', params: any): any => {
let types: any[] = ['public'];
if (account && account.types) {
/*
* Verify if admin, no need to add the query filters
*/
if (account.types.includes(AccountTypeEnum.admin)) return params;
/*
* Verify if organisation type of access
*/
// if (account.organisationIds) {
// params.organisationId = { $in: account.organisationIds };
// }
/*
* Add the account id and type
*/
types.push(account._id);
types = types.concat(account.types);
}
if (!params.$and) params.$and = [];
switch (query) {
default:
case 'get':
params.$and.push({ r: { $in: types } });
break;
case 'update':
params.$and.push({ w: { $in: types } });
break;
case 'delete':
params.$and.push({ d: { $in: types } });
break;
}
return params;
};
export const addOrganisationToQuery = (account: any | null, query: 'get' | 'update' | 'delete', params: any): any => {
let types: any[] = ['public'];
if (account && account.types) {
/*
* Verify if admin, no need to add the query filters
*/
if (account.types.includes(AccountTypeEnum.admin)) return params;
/*
* Verify if organisation type of access
*/
if (account.organisationIds) {
params.organisationId = { $in: account.organisationIds };
}
/*
* Add the account id and type
*/
types.push(account._id);
types = types.concat(account.types);
}
switch (query) {
default:
case 'get':
params = { ...params, $or: [{ r: { $in: types } }] };
break;
case 'update':
params = { ...params, $or: [{ w: { $in: types } }] };
break;
case 'delete':
params = { ...params, $or: [{ d: { $in: types } }] };
break;
}
return params;
};
Reference in New Issue View Git Blame Copy Permalink