2019-09-24 04:44:13 -04:00
|
|
|
let UserMembershipAuthorization = {
|
|
|
|
hasStaffAccess(requiredStaffAccess) {
|
|
|
|
return req => {
|
|
|
|
if (!req.user) {
|
|
|
|
return false
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
2019-09-24 04:44:13 -04:00
|
|
|
if (req.user.isAdmin) {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
return (
|
|
|
|
requiredStaffAccess &&
|
|
|
|
req.user.staffAccess &&
|
|
|
|
req.user.staffAccess[requiredStaffAccess]
|
2019-08-12 03:43:50 -04:00
|
|
|
)
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
|
|
|
},
|
|
|
|
|
2019-09-24 04:44:13 -04:00
|
|
|
hasEntityAccess() {
|
|
|
|
return req => {
|
|
|
|
if (!req.entity) {
|
|
|
|
return false
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
2019-09-24 04:44:13 -04:00
|
|
|
return req.entity[req.entityConfig.fields.access].some(accessUserId =>
|
|
|
|
accessUserId.equals(req.user._id)
|
2019-05-29 05:21:06 -04:00
|
|
|
)
|
|
|
|
}
|
2019-09-24 04:44:13 -04:00
|
|
|
}
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
2019-09-24 04:44:13 -04:00
|
|
|
module.exports = UserMembershipAuthorization
|