| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960 |
- const methodPermission = require('../config/permission')
- const {
- ERROR
- } = require('../common/error')
- function isAccessAllowed (user, setting) {
- const {
- role: userRole = [],
- permission: userPermission = []
- } = user
- const {
- role: settingRole = [],
- permission: settingPermission = []
- } = setting
- if (userRole.includes('admin')) {
- return
- }
- if (
- settingRole.length > 0 &&
- settingRole.every(item => !userRole.includes(item))
- ) {
- throw {
- errCode: ERROR.PERMISSION_ERROR
- }
- }
- if (
- settingPermission.length > 0 &&
- settingPermission.every(item => !userPermission.includes(item))
- ) {
- throw {
- errCode: ERROR.PERMISSION_ERROR
- }
- }
- }
- module.exports = async function () {
- const methodName = this.getMethodName()
- if (!(methodName in methodPermission)) {
- return
- }
- const {
- auth,
- role,
- permission
- } = methodPermission[methodName]
- if (auth || role || permission) {
- await this.middleware.auth()
- }
- if (role && role.length === 0) {
- throw new Error('[AccessControl]Empty role array is not supported')
- }
- if (permission && permission.length === 0) {
- throw new Error('[AccessControl]Empty permission array is not supported')
- }
- return isAccessAllowed(this.authInfo, {
- role,
- permission
- })
- }
|
