Kristaps Fabians Geikins
83d8035dc2
* root + server * frontend * frontend-2 * dui3 * dui3 * tailwind theme * ui-components * preview service * viewer * viewer-sandbox * fileimport-service * webhook service * objectloader * shared * ui-components-nuxt * WIP full config * WIP full linter * eslint projectwide util * minor fix * removing redundant ci * clean up test errors * fixed prettier formatting * CI improvements * TSC lint fix * 'buildBatch' needs to be async since some batch types (like Text) require it. Removed a disabled liniting rule from ObjLoader * removed unnecessary void --------- Co-authored-by: AlexandruPopovici <alexandrupopoviciioan@gmail.com>
77 lines
2.0 KiB
JavaScript
77 lines
2.0 KiB
JavaScript
'use strict'
|
|
const { validateScopes, authorizeResolver } = require('@/modules/shared')
|
|
|
|
const { getStream } = require('../services/streams')
|
|
const { Roles, Scopes } = require('@speckle/shared')
|
|
const { throwForNotHavingServerRole } = require('@/modules/shared/authz')
|
|
|
|
module.exports = {
|
|
async validatePermissionsReadStream(streamId, req) {
|
|
const stream = await getStream({ streamId, userId: req.context.userId })
|
|
if (stream?.isPublic) return { result: true, status: 200 }
|
|
|
|
try {
|
|
await throwForNotHavingServerRole(req.context, Roles.Server.Guest)
|
|
} catch {
|
|
return { result: false, status: 401 }
|
|
}
|
|
|
|
if (!stream) return { result: false, status: 404 }
|
|
|
|
if (!stream.isPublic && req.context.auth === false) {
|
|
return { result: false, status: 401 }
|
|
}
|
|
|
|
if (!stream.isPublic) {
|
|
try {
|
|
await validateScopes(req.context.scopes, Scopes.Streams.Read)
|
|
} catch {
|
|
return { result: false, status: 401 }
|
|
}
|
|
|
|
try {
|
|
await authorizeResolver(
|
|
req.context.userId,
|
|
streamId,
|
|
Roles.Stream.Reviewer,
|
|
req.context.resourceAccessRules
|
|
)
|
|
} catch {
|
|
return { result: false, status: 401 }
|
|
}
|
|
}
|
|
return { result: true, status: 200 }
|
|
},
|
|
|
|
async validatePermissionsWriteStream(streamId, req) {
|
|
if (!req.context || !req.context.auth) {
|
|
return { result: false, status: 401 }
|
|
}
|
|
|
|
try {
|
|
await throwForNotHavingServerRole(req.context, Roles.Server.Guest)
|
|
} catch {
|
|
return { result: false, status: 401 }
|
|
}
|
|
|
|
try {
|
|
await validateScopes(req.context.scopes, Scopes.Streams.Write)
|
|
} catch {
|
|
return { result: false, status: 401 }
|
|
}
|
|
|
|
try {
|
|
await authorizeResolver(
|
|
req.context.userId,
|
|
streamId,
|
|
Roles.Stream.Contributor,
|
|
req.context.resourceAccessRules
|
|
)
|
|
} catch {
|
|
return { result: false, status: 401 }
|
|
}
|
|
|
|
return { result: true, status: 200 }
|
|
}
|
|
}
|