LicenseAPI/Backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Updated projects.ts#checkProjectAccess

Browse Source
This commit is contained in:
Mathias Wagner 2023-01-22 20:40:13 +01:00
parent 65fde10e97
commit 618c81cbe2
Signed by: Mathias
GPG Key ID: B8DC354B0A1F5B44
1 changed files with 17 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
src/controller/projects.ts
View File

@ -3,17 +3,26 @@ import { encryptClearField } from "@utils/decryption";
import { Types } from "mongoose"; import { Types } from "mongoose";
import crypto from "crypto"; import crypto from "crypto";
import { IKeyRole } from "@models/AccessKey"; import { IKeyRole } from "@models/AccessKey";
import { Member } from "@models/Member";
export const checkProjectAccess = (requiredPermission: IKeyRole) => async (userId: string, projectId: string) => { export const checkProjectAccess = (requiredPermission: IKeyRole) => async (userId: string, projectId: string) => {
if (!Types.ObjectId.isValid(projectId)) if (!Types.ObjectId.isValid(projectId))
return { code: 3, message: "Invalid object id provided" }; return { code: 3, message: "Invalid object id provided" };
const project = await Project.findOne({ _id: projectId, creatorId: encryptClearField(userId) }); let project = await Project.findOne({ _id: projectId, creatorId: encryptClearField(userId) });
if (project !== null) return project;
const projectMember = await Member.findOne({ memberId: encryptClearField(userId || ""), accepted: true });
if (projectMember === null) return { code: 5009, message: "The provided project id does not exist" };
project = await Project.findById(projectMember.projectId);
if (project === null) return { code: 5009, message: "The provided project id does not exist" }; if (project === null) return { code: 5009, message: "The provided project id does not exist" };
// TODO: Get project where userId is a member if (projectMember.role === IKeyRole.ADMIN) return project;
if (requiredPermission === IKeyRole.MANAGE && projectMember.role === IKeyRole.MANAGE) return project;
if (requiredPermission === IKeyRole.VIEW && (projectMember.role === IKeyRole.VIEW || projectMember.role === IKeyRole.MANAGE)) return project;
return project; return { code: 5009, message: "The provided project id does not exist" };
}; };
const projectMapper = (project: IProject) => ({ const projectMapper = (project: IProject) => ({
@ -24,7 +33,11 @@ const projectMapper = (project: IProject) => ({
export const listProjects = async (userId?: string) => { export const listProjects = async (userId?: string) => {
const projects = await Project.find({ creatorId: encryptClearField(userId || "") }); const projects = await Project.find({ creatorId: encryptClearField(userId || "") });
// TODO: Find projects where userId is a member const memberProjects = await Member.find({ memberId: encryptClearField(userId || ""), accepted: true });
for (let project of memberProjects) {
const foundProject = await Project.findById(project.projectId);
if (foundProject !== null) projects.push(foundProject);
}
return projects.map(project => projectMapper(project)); return projects.map(project => projectMapper(project));
}; };