fix: page rules role check (#1447)

* Check rule.roles against permissions * Added Role Check to EXACT matching * Code Review Fixes
2020-02-07 14:26:13 -05:00 · 2020-02-07 14:26:13 -05:00 · 7d23344c7a
commit 7d23344c7a
parent a694d26290
1 changed files with 34 additions and 32 deletions
--- a/server/core/auth.js
+++ b/server/core/auth.js
@ -173,39 +173,41 @@ module.exports = {
      user.groups.forEach(grp => {
        const grpId = _.isObject(grp) ? _.get(grp, 'id', 0) : grp
        _.get(WIKI.auth.groups, `${grpId}.pageRules`, []).forEach(rule => {
-          switch (rule.match) {
-            case 'START':
-              if (_.startsWith(`/${page.path}`, `/${rule.path}`)) {
-                checkState = this._applyPageRuleSpecificity({ rule, checkState, higherPriority: ['END', 'REGEX', 'EXACT', 'TAG'] })
-              }
-              break
-            case 'END':
-              if (_.endsWith(page.path, rule.path)) {
-                checkState = this._applyPageRuleSpecificity({ rule, checkState, higherPriority: ['REGEX', 'EXACT', 'TAG'] })
-              }
-              break
-            case 'REGEX':
-              const reg = new RegExp(rule.path)
-              if (reg.test(page.path)) {
-                checkState = this._applyPageRuleSpecificity({ rule, checkState, higherPriority: ['EXACT', 'TAG'] })
-              }
-              break
-            case 'TAG':
-              _.get(page, 'tags', []).forEach(tag => {
-                if (tag.tag === rule.path) {
-                  checkState = this._applyPageRuleSpecificity({
-                    rule,
-                    checkState,
-                    higherPriority: ['EXACT']
-                  })
+          if(_.intersection(rule.roles, permissions).length > 0) {
+            switch (rule.match) {
+              case 'START':
+                if (_.startsWith(`/${page.path}`, `/${rule.path}`)) {
+                  checkState = this._applyPageRuleSpecificity({ rule, checkState, higherPriority: ['END', 'REGEX', 'EXACT', 'TAG'] })
                }
-              })
-              break
-            case 'EXACT':
-              if (`/${page.path}` === `/${rule.path}`) {
-                checkState = this._applyPageRuleSpecificity({ rule, checkState, higherPriority: [] })
-              }
-              break
+                break
+              case 'END':
+                if (_.endsWith(page.path, rule.path)) {
+                  checkState = this._applyPageRuleSpecificity({ rule, checkState, higherPriority: ['REGEX', 'EXACT', 'TAG'] })
+                }
+                break
+              case 'REGEX':
+                const reg = new RegExp(rule.path)
+                if (reg.test(page.path)) {
+                  checkState = this._applyPageRuleSpecificity({ rule, checkState, higherPriority: ['EXACT', 'TAG'] })
+                }
+                break
+              case 'TAG':
+                _.get(page, 'tags', []).forEach(tag => {
+                  if (tag.tag === rule.path) {
+                    checkState = this._applyPageRuleSpecificity({
+                      rule,
+                      checkState,
+                      higherPriority: ['EXACT']
+                    })
+                  }
+                })
+                break
+              case 'EXACT':
+                if (`/${page.path}` === `/${rule.path}`) {
+                  checkState = this._applyPageRuleSpecificity({ rule, checkState, higherPriority: [] })
+                }
+                break
+            }
          }
        })
      })