github/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2024-11-25 03:06:31 -05:00
Code Issues Projects Releases Packages Wiki Activity

refactor: allow only one required permission in require-permission decorator

Browse source 
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
This commit is contained in:
Tilman Vatteroth 2023-05-19 14:25:56 +02:00
parent 9ca6485219
commit 6e0e63688b
2 changed files with 7 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
backend/src/permissions/permissions.guard.ts
View file

@ -32,12 +32,12 @@ export class PermissionsGuard implements CanActivate {
}
async canActivate(context: ExecutionContext): Promise<boolean> {
const permissions = this.reflector.get<RequiredPermission[]>(
const permission = this.reflector.get<RequiredPermission>(
PERMISSION_METADATA_KEY,
context.getHandler(),
);
// If no permissions are set this is probably an error and this guard should not let the request pass
if (!permissions) {
if (!permission) {
this.logger.error(
'Could not find permission metadata. This should never happen. If you see this, please open an issue at https://github.com/hedgedoc/hedgedoc/issues',
);
@ -46,7 +46,7 @@ export class PermissionsGuard implements CanActivate {
const request: CompleteRequest = context.switchToHttp().getRequest();
const user = request.user ?? null;
// handle CREATE permissions, as this does not need any note
if (permissions[0] === RequiredPermission.CREATE) {
if (permission === RequiredPermission.CREATE) {
return this.permissionsService.mayCreate(user);
}
// Attention: This gets the note an additional time if used in conjunction with GetNoteInterceptor or NoteHeaderInterceptor
@ -58,7 +58,7 @@ export class PermissionsGuard implements CanActivate {
return false;
}
return await this.permissionsService.checkPermissionOnNote(
permissions[0],
permission,
user,
note,
);

6
backend/src/permissions/require-permission.decorator.ts
View file

@ -11,9 +11,9 @@ export const PERMISSION_METADATA_KEY = 'requiredPermission';
/**
* This decorator gathers the {@link RequiredPermission Permission} a user must hold for the {@link PermissionsGuard}
* @param permissions - an array of permissions. In practice this should always contain exactly one {@link RequiredPermission}
* @param {RequiredPermission} permission the required permission for the decorated action.
*/
// eslint-disable-next-line func-style,@typescript-eslint/naming-convention
export const RequirePermission = (
...permissions: RequiredPermission[]
): CustomDecorator => SetMetadata(PERMISSION_METADATA_KEY, permissions);
permission: RequiredPermission,
): CustomDecorator => SetMetadata(PERMISSION_METADATA_KEY, permission);