| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859 |
- const methodPermission = require('../config/permission')
- const {
- ERROR
- } = require('../common/error')
- function isAccessAllowed (user, setting) {
- const {
- role: userRole = [],
- permission: userPermission = []
- } = user
- const {
- role: settingRole = [],
- permission: settingPermission = []
- } = setting
- if (userRole.includes('admin')) {
- return
- }
- if (
- settingRole.length > 0 &&
- settingRole.every(item => !userRole.includes(item))
- ) {
- throw {
- errCode: ERROR.PERMISSION_ERROR
- }
- }
- if (
- settingPermission.length > 0 &&
- settingPermission.every(item => !userPermission.includes(item))
- ) {
- throw {
- errCode: ERROR.PERMISSION_ERROR
- }
- }
- }
- module.exports = async function () {
- const methodName = this.getMethodName()
- if (!(methodName in methodPermission)) {
- return
- }
- const {
- auth,
- role,
- permission
- } = methodPermission[methodName]
- if (auth || role || permission) {
- await this.middleware.auth()
- }
- if (role && role.length === 0) {
- throw new Error('[AccessControl]Empty role array is not supported')
- }
- if (permission && permission.length === 0) {
- throw new Error('[AccessControl]Empty permission array is not supported')
- }
- return isAccessAllowed(this.authInfo, {
- role,
- permission
- })
- }
|
