Add permissions Service

Checks if the given user has sufficient rights on the given resource.

Signed-off-by: Yannick Bungers <git@innay.de>
Yannick Bungers 2021-02-16 09:32:58 +01:00 committed by David Mehren
parent 68cbb5a9c2
commit 838b95b8c2
No known key found for this signature in database
GPG key ID: 185982BA4C42B7C3
2 changed files with 103 additions and 4 deletions


@ -9,11 +9,10 @@ import { TypeOrmModule } from '@nestjs/typeorm';
import { LoggerModule } from '../logger/logger.module';
import { NoteGroupPermission } from './note-group-permission.entity';
import { NoteUserPermission } from './note-user-permission.entity';
import { PermissionsService } from './permissions.service';
@Module({
imports: [
TypeOrmModule.forFeature([NoteUserPermission, NoteGroupPermission]),
LoggerModule,
],
exports: [PermissionsService],
providers: [PermissionsService],
})
export class PermissionsModule {}


@ -0,0 +1,100 @@
/*
* SPDX-FileCopyrightText: 2021 The HedgeDoc developers (see AUTHORS file)
*
* SPDX-License-Identifier: AGPL-3.0-only
*/
import { Injectable } from '@nestjs/common';
import { User } from '../users/user.entity';
import { Note } from '../notes/note.entity';
import { ConsoleLoggerService } from '../logger/console-logger.service';
@Injectable()
export class PermissionsService {
constructor(private readonly logger: ConsoleLoggerService) {}
mayRead(user: User, note: Note): boolean {
if (this.isOwner(user, note)) return true;
if (this.hasPermissionUser(user, note, false)) return true;
if (this.hasPermissionGroup(user, note, false)) return true;
return false;
}
mayWrite(user: User, note: Note): boolean {
if (this.isOwner(user, note)) return true;
if (this.hasPermissionUser(user, note, true)) return true;
if (this.hasPermissionGroup(user, note, true)) return true;
return false;
}
mayCreate(user: User): boolean {
if (user) {
// TODO: (config.guestPermission == "create")
return true;
}
return false;
}
isOwner(user: User, note: Note): boolean {
if (!user) return false;
return note.owner.id === user.id;
}
private hasPermissionUser(
user: User,
note: Note,
wantEdit: boolean,
): boolean {
if (!user) {
return false;
}
for (const userPermission of note.userPermissions) {
if (
userPermission.user.id === user.id &&
(userPermission.canEdit || !wantEdit)
) {
return true;
}
}
return false;
}
private hasPermissionGroup(
user: User,
note: Note,
wantEdit: boolean,
): boolean {
// TODO: Get real config value
const guestsAllowed = false; // (config.guestPermission == "write" || config.guestPermission == "read" && !wantEdit)
for (const groupPermission of note.groupPermissions) {
if (groupPermission.canEdit || !wantEdit) {
// Handle special groups
if (groupPermission.group.special) {
if (groupPermission.group.name == 'loggedIn') {
// TODO: Name of group for logged in users
return true;
}
if (
groupPermission.group.name == 'everybody' &&
(groupPermission.canEdit || !wantEdit) &&
guestsAllowed
) {
// TODO: Name of group in which everybody even guests can edit
return true;
}
} else {
// Handle normal groups
if (user) {
for (const member of groupPermission.group.members) {
if (member.id === user.id) return true;
}
}
}
}
}
return false;
}
}
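Review bot: In `hasPermissionGroup`, the special-group branch for `'loggedIn'` returns true without checking that `user` is set, so a call with no user (a guest) is granted access to any note shared with that group. Every other path (`isOwner`, `hasPermissionUser`, the normal-group branch) guards on `user`, so the condition should be `if (user && groupPermission.group.name == 'loggedIn')`. Separately, `isOwner` dereferences `note.owner.id` without a guard; whether a note can exist without an owner is not visible here, but if it can, the check throws instead of denying, and `note.owner?.id === user.id` would fail closed. Because these methods are written to accept an absent user, typing the parameter as `User | null` and adding a guest-case unit test for each `may*` method would keep this from regressing.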