@data-fair/lib-common-types 1.2.0 → 1.3.0
- package/package.json +1 -1
- package/session/index.d.ts +6 -2
- package/session/index.js +13 -10
package/package.json
CHANGED
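--- a/package/session/index.d.ts
+++ b/package/session/index.d.ts
@@ -5,7 +5,11 @@ export * from './.type/index.js';
 export declare function isAuthenticated(sessionState: SessionState): sessionState is SessionStateAuthenticated;
 export declare function assertAuthenticated(sessionState: SessionState): asserts sessionState is SessionStateAuthenticated;
 export declare function assertAdminMode(sessionState: SessionState): asserts sessionState is SessionStateAuthenticated;
-
-
+type AssertRoleOptions = {
+allAccounts?: boolean;
+acceptDepAsRoot?: boolean;
+};
+export declare function getAccountRole(sessionState: SessionState, account: AccountKeys, options?: AssertRoleOptions): string | null;
+export declare function assertAccountRole(sessionState: SessionState, account: AccountKeys, roles: string | string[], options?: AssertRoleOptions): void;
 export declare function isValidAccountType(type: string): type is 'user' | 'organization';
 export declare function assertValidAccountType(type: string): asserts type is 'user' | 'organization';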
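Review bot: `AssertRoleOptions` carries no doc comment although both of its flags change the outcome of an authorization check, and the type is not exported even though two exported signatures use it. I would export it and document each field, for example `/** also consider the user's personal account and every organization they belong to, not only the active account */` on `allAccounts` and `/** ignore the department when matching an organization account */` on `acceptDepAsRoot`. A sentence on `getAccountRole` saying that it returns `null` for an unauthenticated session and `'admin'` in admin mode (as the implementation in `index.js` shows) would let callers see the contract without reading the JavaScript.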
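--- a/package/session/index.js
+++ b/package/session/index.js
@@ -11,28 +11,31 @@ export function assertAdminMode (sessionState) {
 // TODO: use sessionState.locale to internationalize error message
 if (!sessionState.user.adminMode) { throw httpError(403, 'super admin only') }
 }
-function matchAccount (userAccount, resourceAccount) {
+function matchAccount (userAccount, resourceAccount, acceptDepAsRoot = false) {
 if (userAccount.type !== resourceAccount.type) { return false }
 if (userAccount.id !== resourceAccount.id) { return false }
-if (
+if (!acceptDepAsRoot) {
+if (userAccount.department && userAccount.department !== resourceAccount.department) { return false }
+}
 return true
 }
-export function getAccountRole (sessionState, account,
+export function getAccountRole (sessionState, account, options = {}) {
 if (!isAuthenticated(sessionState)) { return null }
 if (sessionState.user.adminMode) { return 'admin' }
-if (
-if (matchAccount(sessionState.account, account)) { return sessionState.accountRole }
-} else {
+if (options.allAccounts) {
 if (account.type === 'user' && sessionState.user.id === account.id) { return 'admin' }
 for (const org of sessionState.user.organizations) {
-if (matchAccount({ type: 'organization', id: org.id, department: org.department }, account)) { return org.role }
+if (matchAccount({ type: 'organization', id: org.id, department: org.department }, account, options.acceptDepAsRoot)) { return org.role }
 }
+} else {
+if (matchAccount(sessionState.account, account, options.acceptDepAsRoot)) { return sessionState.accountRole }
 }
 return null
 }
-export function assertAccountRole (sessionState, account,
-
-
+export function assertAccountRole (sessionState, account, roles, options = {}) {
+if (typeof roles === 'string') { roles = [roles] }
+const accountRole = getAccountRole(sessionState, account, options)
+if (!accountRole || !roles.includes(accountRole)) { throw httpError(403, `requires ${roles.join(', ')} role(s)`) }
 }
 export function isValidAccountType (type) {
 return ['user', 'organization'].includes(type)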
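Review bot: In `matchAccount`, passing `acceptDepAsRoot` skips the department comparison altogether, so a session scoped to one department also matches a resource owned by a different department of the same organization, not only a resource at the organization root. If the option is meant only to let department members act on root-level resources (the name suggests so, but the intent is not visible here), keep the comparison and relax it for that case alone: `if (userAccount.department && userAccount.department !== resourceAccount.department && !(acceptDepAsRoot && !resourceAccount.department)) { return false }`. With `allAccounts` set, the loop in `getAccountRole` returns the role of the first organization entry that matches, so once departments are ignored a user with several memberships in one organization gets whichever role is listed first; `assertAccountRole` then fails closed, but the result depends on ordering. A short comment on `matchAccount` stating which department combinations are expected to match would make the authorization rule reviewable.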