huanld/speckle-server
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
bd7dd40d71fe75e7b95bfcc70f8923ea136a37d4
speckle-server/packages/server/modules/core/rest/authUtils.js
T
Kristaps Fabians Geikins 37d51072fb feat(server): resource limits on app tokens (#1959) 
* WIP new mutation arg

* limited resource token creation done

* token resource rule creation validation

* updated authorizeResolver implementation

* introduced resource access rule checks in authorizeResolver everywhere

* more checks added

* updated projects resolvers

* updated stream resolvers

* more checks added

* error page theme resolution fix

* WIP testss

* more tests

* implemented checks in REST auth pipeline

* REST API coverage & tests

* some tests fixed

* test fixess

* added tests

* feat(server): new automation result reporting scope (#1976)

* feat(server): new automation result reporting scope

* tests fix
2024-01-19 18:14:49 +01:00

77 lines
2.0 KiB
JavaScript
Raw Blame History

'use strict'
const { validateScopes, authorizeResolver } = require('@/modules/shared')
const { getStream } = require('../services/streams')
const { Roles, Scopes } = require('@speckle/shared')
const { throwForNotHavingServerRole } = require('@/modules/shared/authz')
module.exports = {
async validatePermissionsReadStream(streamId, req) {
const stream = await getStream({ streamId, userId: req.context.userId })
if (stream?.isPublic) return { result: true, status: 200 }
try {
await throwForNotHavingServerRole(req.context, Roles.Server.Guest)
} catch (err) {
return { result: false, status: 401 }
}
if (!stream) return { result: false, status: 404 }
if (!stream.isPublic && req.context.auth === false) {
return { result: false, status: 401 }
}
if (!stream.isPublic) {
try {
await validateScopes(req.context.scopes, Scopes.Streams.Read)
} catch (err) {
return { result: false, status: 401 }
}
try {
await authorizeResolver(
req.context.userId,
streamId,
Roles.Stream.Reviewer,
req.context.resourceAccessRules
)
} catch (err) {
return { result: false, status: 401 }
}
}
return { result: true, status: 200 }
},
async validatePermissionsWriteStream(streamId, req) {
if (!req.context || !req.context.auth) {
return { result: false, status: 401 }
}
try {
await throwForNotHavingServerRole(req.context, Roles.Server.Guest)
} catch (err) {
return { result: false, status: 401 }
}
try {
await validateScopes(req.context.scopes, Scopes.Streams.Write)
} catch (err) {
return { result: false, status: 401 }
}
try {
await authorizeResolver(
req.context.userId,
streamId,
Roles.Stream.Contributor,
req.context.resourceAccessRules
)
} catch (err) {
return { result: false, status: 401 }
}
return { result: true, status: 200 }
}
}
Reference in New Issue View Git Blame Copy Permalink