Added access rights feature + read access check

2016-10-31 22:44:00 -04:00
parent 09b4d37f4c
commit a05560e9fc
9 changed files with 122 additions and 17 deletions
--- a/libs/auth.js
+++ b/libs/auth.js
@@ -131,7 +131,13 @@ module.exports = function(passport, appconfig) {
 						provider: 'local',
 						email: appconfig.admin,
 						name: "Administrator",
-						password: pwd
+						password: pwd,
+						rights: [{
+							role: 'admin',
+							path: '/',
+							exact: false,
+							deny: false
+						}]
 					});
 				}).then(() => {
 					winston.info('[' + PROCNAME + '][AUTH] Administrator account created successfully!');
--- a/libs/rights.js
+++ b/libs/rights.js
@@ -0,0 +1,57 @@
+"use strict";
+
+const _ = require('lodash');
+
+/**
+ * Rights 
+ */
+module.exports = {
+
+
+	check(req, role) {
+
+		let rt = [];
+		let p = _.chain(req.originalUrl).toLower().trim().value();
+
+		// Load User Rights
+
+		if(_.isArray(req.user.rights)) {
+			rt = req.user.rights;
+		}
+
+		// Is admin?
+
+		if(_.find(rt, { role: 'admin' })) {
+			return true;
+		}
+
+		// Check specific role on path
+
+		let filteredRights = _.filter(rt, (r) => {
+			if(r.role === role || (r.role === 'write' && role === 'read')) {
+				if((!r.exact && _.startsWith(p, r.path)) || (r.exact && p === r.path)) {
+					return true;
+				}
+			}
+			return false;
+		});
+
+		// Check for deny scenario
+
+		let isValid = false;
+
+		if(filteredRights.length > 1) {
+			isValid = !_.chain(filteredRights).sortBy((r) => {
+				return r.path.length + ((r.deny) ? 0.5 : 0);
+			}).last().get('deny').value();
+		} else if(filteredRights.length == 1 && filteredRights[0].deny === false) {
+			isValid = true;
+		}
+
+		// Deny by default
+
+		return isValid;
+
+	}
+
+};