Fix permission bug
parent
6b0504ec9c
commit
8ffb06c059
|
@ -1,4 +1,5 @@
|
||||||
{
|
{
|
||||||
"vsicons.presets.angular": true,
|
"vsicons.presets.angular": true,
|
||||||
"angular.log": "verbose"
|
"angular.log": "verbose",
|
||||||
|
"discord.enabled": true
|
||||||
}
|
}
|
||||||
|
|
|
@ -21,4 +21,8 @@ export class EImageBackend implements EImage {
|
||||||
default: "image",
|
default: "image",
|
||||||
})
|
})
|
||||||
file_name: string;
|
file_name: string;
|
||||||
|
|
||||||
|
// @Column({
|
||||||
|
// nullable: false,
|
||||||
|
// })
|
||||||
}
|
}
|
||||||
|
|
|
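Review bot: The three added lines `// @Column({`, `// nullable: false,` and `// })` are commented-out code with no explanation, and they sit directly before the closing `}` with no field after them for the decorator to attach to even if uncommented. Commented-out code like this tends to linger with nobody knowing whether it is a pending change or an abandoned one. Either drop the three lines or replace them with one line that records the intent, e.g. `// TODO: decide whether file_name should be declared with nullable: false`. The enclosing `EImageBackend` class starts outside the hunk.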
@ -3,6 +3,7 @@ import { Reflector } from '@nestjs/core';
|
||||||
import { AuthGuard } from '@nestjs/passport';
|
import { AuthGuard } from '@nestjs/passport';
|
||||||
import { EUser, EUserSchema } from 'picsur-shared/dist/entities/user.entity';
|
import { EUser, EUserSchema } from 'picsur-shared/dist/entities/user.entity';
|
||||||
import { Fail, Failable, FT, HasFailed } from 'picsur-shared/dist/types';
|
import { Fail, Failable, FT, HasFailed } from 'picsur-shared/dist/types';
|
||||||
|
import { makeUnique } from 'picsur-shared/dist/util/unique';
|
||||||
import { UserDbService } from '../../../collections/user-db/user-db.service';
|
import { UserDbService } from '../../../collections/user-db/user-db.service';
|
||||||
import { Permissions } from '../../../models/constants/permissions.const';
|
import { Permissions } from '../../../models/constants/permissions.const';
|
||||||
import { isPermissionsArray } from '../../../models/validators/permissions.validator';
|
import { isPermissionsArray } from '../../../models/validators/permissions.validator';
|
||||||
|
@ -57,7 +58,7 @@ export class MainAuthGuard extends AuthGuard(['apikey', 'jwt', 'guest']) {
|
||||||
// These are the permissions the user has
|
// These are the permissions the user has
|
||||||
const userPermissions = await this.usersService.getPermissions(user.id);
|
const userPermissions = await this.usersService.getPermissions(user.id);
|
||||||
if (HasFailed(userPermissions)) {
|
if (HasFailed(userPermissions)) {
|
||||||
throw userPermissions
|
throw userPermissions;
|
||||||
}
|
}
|
||||||
|
|
||||||
context.switchToHttp().getRequest().userPermissions = userPermissions;
|
context.switchToHttp().getRequest().userPermissions = userPermissions;
|
||||||
|
@ -71,16 +72,23 @@ export class MainAuthGuard extends AuthGuard(['apikey', 'jwt', 'guest']) {
|
||||||
const handlerName = context.getHandler().name;
|
const handlerName = context.getHandler().name;
|
||||||
// Fall back to class permissions if none on function
|
// Fall back to class permissions if none on function
|
||||||
// But function has higher priority than class
|
// But function has higher priority than class
|
||||||
const permissions =
|
const permissionsHandler: Permissions | undefined =
|
||||||
this.reflector.get<Permissions>('permissions', context.getHandler()) ??
|
this.reflector.get<Permissions>('permissions', context.getHandler());
|
||||||
|
const permissionsClass: Permissions | undefined =
|
||||||
this.reflector.get<Permissions>('permissions', context.getClass());
|
this.reflector.get<Permissions>('permissions', context.getClass());
|
||||||
|
|
||||||
if (permissions === undefined)
|
if (permissionsHandler === undefined && permissionsClass === undefined) {
|
||||||
return Fail(
|
return Fail(
|
||||||
FT.Internal,
|
FT.Internal,
|
||||||
undefined,
|
undefined,
|
||||||
`${handlerName} does not have any permissions defined, denying access`,
|
`${handlerName} does not have any permissions defined, denying access`,
|
||||||
);
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
const permissions = makeUnique([
|
||||||
|
...(permissionsHandler ?? []),
|
||||||
|
...(permissionsClass ?? []),
|
||||||
|
]);
|
||||||
|
|
||||||
if (!isPermissionsArray(permissions))
|
if (!isPermissionsArray(permissions))
|
||||||
return Fail(
|
return Fail(
|
||||||
|
|
|
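Review bot: The two comments kept at the top of the last hunk, `// Fall back to class permissions if none on function` and `// But function has higher priority than class`, describe the old `??` behaviour and are now wrong: `permissions` is built as `makeUnique([...(permissionsHandler ?? []), ...(permissionsClass ?? [])])`, so handler and class permissions are merged and neither takes priority. Replace both with something like `// Required permissions are the union of the handler's and the class's decorators; a handler decorator no longer replaces the class-level set`. It would also help to state next to the `permissionsHandler === undefined && permissionsClass === undefined` guard that an explicitly empty array on either side is accepted and simply contributes nothing, since that is what the spread of `?? []` implies. The enclosing method of `MainAuthGuard` continues outside the hunk.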
@ -28,13 +28,19 @@ type SystemRole = typeof UndeletableRolesTuple[number];
|
||||||
const SystemRoleDefaultsTyped: {
|
const SystemRoleDefaultsTyped: {
|
||||||
[key in SystemRole]: Permissions;
|
[key in SystemRole]: Permissions;
|
||||||
} = {
|
} = {
|
||||||
guest: [Permission.ImageView, Permission.UserLogin],
|
guest: [
|
||||||
|
Permission.ImageView,
|
||||||
|
Permission.ImageDeleteKey,
|
||||||
|
Permission.UserLogin,
|
||||||
|
],
|
||||||
user: [
|
user: [
|
||||||
Permission.ImageView,
|
Permission.ImageView,
|
||||||
|
Permission.ImageDeleteKey,
|
||||||
|
Permission.ImageManage,
|
||||||
|
Permission.ImageUpload,
|
||||||
Permission.UserKeepLogin,
|
Permission.UserKeepLogin,
|
||||||
Permission.UserLogin,
|
Permission.UserLogin,
|
||||||
Permission.Settings,
|
Permission.Settings,
|
||||||
Permission.ImageUpload,
|
|
||||||
Permission.ApiKey,
|
Permission.ApiKey,
|
||||||
],
|
],
|
||||||
// Grant all permissions to admin
|
// Grant all permissions to admin
|
||||||
|
|
|
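Review bot: The new `guest` array grants `Permission.ImageDeleteKey`, which the enum describes as deleting images by a secret key, so on that path the key itself is the only thing authorizing an unauthenticated caller. If that capability-style design is intended, say so on the line, e.g. `Permission.ImageDeleteKey, // delete-key deletion is authorized by the key alone, so guests may hold it`, so a later reader does not take it for an accidental grant to the guest role. The `user` entry receives the same permission plus `ImageManage`, which matches the controller hunks in this commit. The `SystemRoleDefaultsTyped` object continues outside the hunk (the admin entry follows).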
@ -43,6 +43,7 @@ export class ImageManageController {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Post('list')
|
@Post('list')
|
||||||
|
@RequiredPermissions(Permission.ImageManage)
|
||||||
@Returns(ImageListResponse)
|
@Returns(ImageListResponse)
|
||||||
async listMyImagesPaged(
|
async listMyImagesPaged(
|
||||||
@Body() body: ImageListRequest,
|
@Body() body: ImageListRequest,
|
||||||
|
@ -61,6 +62,7 @@ export class ImageManageController {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Post('delete')
|
@Post('delete')
|
||||||
|
@RequiredPermissions(Permission.ImageManage)
|
||||||
@Returns(ImageDeleteResponse)
|
@Returns(ImageDeleteResponse)
|
||||||
async deleteImage(
|
async deleteImage(
|
||||||
@Body() body: ImageDeleteRequest,
|
@Body() body: ImageDeleteRequest,
|
||||||
|
|
|
@ -5,6 +5,8 @@ export const UIFriendlyPermissions: {
|
||||||
} = {
|
} = {
|
||||||
[Permission.ImageView]: 'View Images',
|
[Permission.ImageView]: 'View Images',
|
||||||
[Permission.ImageUpload]: 'Upload Images',
|
[Permission.ImageUpload]: 'Upload Images',
|
||||||
|
[Permission.ImageManage]: 'Manage Own Images',
|
||||||
|
[Permission.ImageDeleteKey]: 'Use Deletekey',
|
||||||
|
|
||||||
[Permission.UserLogin]: 'Login',
|
[Permission.UserLogin]: 'Login',
|
||||||
[Permission.UserKeepLogin]: 'Stay Logged In',
|
[Permission.UserKeepLogin]: 'Stay Logged In',
|
||||||
|
|
|
@ -3,8 +3,10 @@
|
||||||
// This does not have to be a complete list of all permissions
|
// This does not have to be a complete list of all permissions
|
||||||
// -> the frontend and backend can be somewhat out of sync
|
// -> the frontend and backend can be somewhat out of sync
|
||||||
export enum Permission {
|
export enum Permission {
|
||||||
ImageView = 'image-view',
|
ImageView = 'image-view', // Ability to view images
|
||||||
ImageUpload = 'image-upload', // Ability to upload and manage own images
|
ImageUpload = 'image-upload', // Ability to upload images
|
||||||
|
ImageDeleteKey = 'image-delete-key', // Ability to delete images by a secret key
|
||||||
|
ImageManage = 'image-manage', // List and delete own images
|
||||||
|
|
||||||
UserLogin = 'user-login', // Ability to log in
|
UserLogin = 'user-login', // Ability to log in
|
||||||
UserKeepLogin = 'user-keep-login', // Ability to view own user details and refresh token
|
UserKeepLogin = 'user-keep-login', // Ability to view own user details and refresh token
|
||||||
|
|
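Review bot: The comment on `ImageUpload` narrows from `// Ability to upload and manage own images` to `// Ability to upload images`, with the management part moved to the new `ImageManage = 'image-manage'`; judging by the controller hunks in this commit, a role holding only `image-upload` would lose list/delete access unless it is also granted `image-manage`. Since the header comment says the frontend and backend may be somewhat out of sync, a note on the new member, e.g. `ImageManage = 'image-manage', // Split out of ImageUpload: list and delete own images`, would make that migration visible to anyone reading the enum. The `Permission` enum continues outside the hunk.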