mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-11-25 19:26:31 -05:00
Add permissions Service
Checks if the given user has sufficient rights on the given resource. Signed-off-by: Yannick Bungers <git@innay.de>
This commit is contained in:
parent
68cbb5a9c2
commit
838b95b8c2
2 changed files with 103 additions and 4 deletions
|
@ -9,11 +9,10 @@ import { TypeOrmModule } from '@nestjs/typeorm';
|
|||
import { LoggerModule } from '../logger/logger.module';
|
||||
import { NoteGroupPermission } from './note-group-permission.entity';
|
||||
import { NoteUserPermission } from './note-user-permission.entity';
|
||||
import { PermissionsService } from './permissions.service';
|
||||
|
||||
@Module({
|
||||
imports: [
|
||||
TypeOrmModule.forFeature([NoteUserPermission, NoteGroupPermission]),
|
||||
LoggerModule,
|
||||
],
|
||||
exports: [PermissionsService],
|
||||
providers: [PermissionsService],
|
||||
})
|
||||
export class PermissionsModule {}
|
||||
|
|
100
src/permissions/permissions.service.ts
Normal file
100
src/permissions/permissions.service.ts
Normal file
|
@ -0,0 +1,100 @@
|
|||
/*
|
||||
* SPDX-FileCopyrightText: 2021 The HedgeDoc developers (see AUTHORS file)
|
||||
*
|
||||
* SPDX-License-Identifier: AGPL-3.0-only
|
||||
*/
|
||||
|
||||
import { Injectable } from '@nestjs/common';
|
||||
import { User } from '../users/user.entity';
|
||||
import { Note } from '../notes/note.entity';
|
||||
import { ConsoleLoggerService } from '../logger/console-logger.service';
|
||||
|
||||
@Injectable()
|
||||
export class PermissionsService {
|
||||
constructor(private readonly logger: ConsoleLoggerService) {}
|
||||
mayRead(user: User, note: Note): boolean {
|
||||
if (this.isOwner(user, note)) return true;
|
||||
|
||||
if (this.hasPermissionUser(user, note, false)) return true;
|
||||
|
||||
if (this.hasPermissionGroup(user, note, false)) return true;
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
mayWrite(user: User, note: Note): boolean {
|
||||
if (this.isOwner(user, note)) return true;
|
||||
|
||||
if (this.hasPermissionUser(user, note, true)) return true;
|
||||
|
||||
if (this.hasPermissionGroup(user, note, true)) return true;
|
||||
|
||||
return false;
|
||||
}
|
||||
mayCreate(user: User): boolean {
|
||||
if (user) {
|
||||
// TODO: (config.guestPermission == "create")
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
isOwner(user: User, note: Note): boolean {
|
||||
if (!user) return false;
|
||||
return note.owner.id === user.id;
|
||||
}
|
||||
|
||||
private hasPermissionUser(
|
||||
user: User,
|
||||
note: Note,
|
||||
wantEdit: boolean,
|
||||
): boolean {
|
||||
if (!user) {
|
||||
return false;
|
||||
}
|
||||
for (const userPermission of note.userPermissions) {
|
||||
if (
|
||||
userPermission.user.id === user.id &&
|
||||
(userPermission.canEdit || !wantEdit)
|
||||
) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
private hasPermissionGroup(
|
||||
user: User,
|
||||
note: Note,
|
||||
wantEdit: boolean,
|
||||
): boolean {
|
||||
// TODO: Get real config value
|
||||
const guestsAllowed = false; // (config.guestPermission == "write" || config.guestPermission == "read" && !wantEdit)
|
||||
for (const groupPermission of note.groupPermissions) {
|
||||
if (groupPermission.canEdit || !wantEdit) {
|
||||
// Handle special groups
|
||||
if (groupPermission.group.special) {
|
||||
if (groupPermission.group.name == 'loggedIn') {
|
||||
// TODO: Name of group for logged in users
|
||||
return true;
|
||||
}
|
||||
if (
|
||||
groupPermission.group.name == 'everybody' &&
|
||||
(groupPermission.canEdit || !wantEdit) &&
|
||||
guestsAllowed
|
||||
) {
|
||||
// TODO: Name of group in which everybody even guests can edit
|
||||
return true;
|
||||
}
|
||||
} else {
|
||||
// Handle normal groups
|
||||
if (user) {
|
||||
for (const member of groupPermission.group.members) {
|
||||
if (member.id === user.id) return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
}
|
Loading…
Reference in a new issue