@drax/identity-back 0.0.31 → 0.1.2

package/dist/zod/UserApiKeyZod.js

@@ -0,0 +1,9 @@
+import { array, object, string } from "zod";
+const userApiKeySchema = object({
+    name: string({ required_error: "validation.required" })
+        .min(1, "validation.required"),
+    ipv4: array(string().ip({ version: "v4", message: 'validation.invalidIpv4' })),
+    ipv6: array(string().ip({ version: "v6", message: 'validation.invalidIpv6' })),
+});
+export default userApiKeySchema;
+export { userApiKeySchema };

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "0.0.31",
+  "version": "0.1.2",
   "description": "Identity module for user management, authentication and authorization.",
   "main": "dist/index.js",
   "types": "types/index.d.ts",
@@ -16,7 +16,8 @@
     "tsc": "tsc -b tsconfig.json",
     "test": "node --import tsx --test test/**/*",
     "testMongoRepositoryRole": "node --import tsx --test test/repository/mongo/role*",
-    "testMongoRepositoryUser": "node --import tsx --test test/repository/mongo/user*",
+    "testMongoRepositoryUser": "node --import tsx --test test/repository/mongo/user-mongo*",
+    "testMongoRepositoryUserApiKey": "node --import tsx --test test/repository/mongo/user-apikey-mongo*",
     "testSqliteRepositoryUser": "node --import tsx --test test/repository/sqlite/user*",
     "testSqliteRepositoryRole": "node --import tsx --test test/repository/sqlite/role*",
     "testServiceRole": "node --import tsx --test test/service/role*",
@@ -26,9 +27,9 @@
   "author": "Cristian Incarnato & Drax Team",
   "license": "ISC",
   "dependencies": {
-    "@drax/common-back": "^0.0.31",
-    "@drax/common-share": "^0.0.31",
-    "@drax/identity-share": "^0.0.31",
+    "@drax/common-back": "^0.1.0",
+    "@drax/common-share": "^0.1.0",
+    "@drax/identity-share": "^0.1.0",
     "bcryptjs": "^2.4.3",
     "express-jwt": "^8.4.1",
     "graphql": "^16.8.2",
@@ -59,5 +60,5 @@
       "debug": "0"
     }
   },
-  "gitHead": "14a8c465526ef0edc3179be38fb0aaa081a4ebc4"
+  "gitHead": "79fef47b0aa97b4c46f057396dcafeb132ed1258"
 }

package/src/config/IdentityConfig.ts

@@ -1,13 +1,14 @@
 enum IdentityConfig {
 
-    DbEngine = "DRAX_DB_ENGINE",
-    SqliteDbFile = "DRAX_SQLITE_FILE",
-    MongoDbUri = "DRAX_MONGO_URI",
+
 
     JwtSecret = "DRAX_JWT_SECRET",
     JwtExpiration = "DRAX_JWT_EXPIRATION",
     JwtIssuer = "DRAX_JWT_ISSUER",
 
+    ApiKeySecret = "DRAX_APIKEY_SECRET",
+    ApiKeyCacheTTL = "DRAX_APIKEY_CACHE_TTL",
+
     RbacCacheTTL = "DRAX_RBAC_CACHE_TTL",
 
     AvatarDir = "DRAX_AVATAR_DIR",

package/src/factory/RoleServiceFactory.ts

@@ -1,26 +1,26 @@
-import {DraxConfig} from "@drax/common-back"
+import {DraxConfig, CommonConfig, COMMON} from "@drax/common-back"
 import RoleService from "../services/RoleService.js";
 import RoleMongoRepository from "../repository/mongo/RoleMongoRepository.js";
 import RoleSqliteRepository from "../repository/sqlite/RoleSqliteRepository.js";
-import {DbSetupUtils, DbEngine} from "../utils/DbSetupUtils.js";
 import type {IRoleRepository} from "../interfaces/IRoleRepository";
 
 let roleService: RoleService
 
-const RoleServiceFactory = (verbose: boolean = false) : RoleService => {
+const RoleServiceFactory = (verbose: boolean = false): RoleService => {
 
-    if(!roleService){
+    if (!roleService) {
         let roleRepository: IRoleRepository
 
-        switch (DbSetupUtils.getDbEngine()) {
-            case DbEngine.Mongo:
-                console.log("RoleServiceFactory DB ENGINE MONGODB")
+        switch (DraxConfig.getOrLoad(CommonConfig.DbEngine)) {
+            case COMMON.DB_ENGINES.MONGODB:
                 roleRepository = new RoleMongoRepository()
                 break;
-            case DbEngine.Sqlite:
-                console.log("RoleServiceFactory DB ENGINE SQLITE")
-                roleRepository = new RoleSqliteRepository(DbSetupUtils.getDbConfig(), verbose)
+            case COMMON.DB_ENGINES.SQLITE:
+                const dbFile = DraxConfig.getOrLoad(CommonConfig.SqliteDbFile)
+                roleRepository = new RoleSqliteRepository(dbFile, verbose)
                 break;
+            default:
+                throw new Error("DraxConfig.DB_ENGINE must be one of " + Object.values(COMMON.DB_ENGINES).join(", "));
         }
 
         roleService = new RoleService(roleRepository)
@@ -29,4 +29,4 @@ const RoleServiceFactory = (verbose: boolean = false) : RoleService => {
     return roleService
 }
 
- export default RoleServiceFactory
+export default RoleServiceFactory

package/src/factory/TenantServiceFactory.ts

@@ -1,26 +1,26 @@
-import {DraxConfig} from "@drax/common-back"
+import {COMMON, CommonConfig, DraxConfig} from "@drax/common-back"
 import TenantService from "../services/TenantService.js";
 import TenantMongoRepository from "../repository/mongo/TenantMongoRepository.js";
 import TenantSqliteRepository from "../repository/sqlite/TenantSqliteRepository.js";
-import {DbSetupUtils, DbEngine} from "../utils/DbSetupUtils.js";
 import type {ITenantRepository} from "../interfaces/ITenantRepository";
 
 let tenantService: TenantService
 
-const TenantServiceFactory = (verbose: boolean = false) : TenantService => {
+const TenantServiceFactory = (verbose: boolean = false): TenantService => {
 
-    if(!tenantService){
+    if (!tenantService) {
         let tenantRepository: ITenantRepository
 
-        switch (DbSetupUtils.getDbEngine()) {
-            case DbEngine.Mongo:
-                console.log("TenantServiceFactory DB ENGINE MONGODB")
+        switch (DraxConfig.getOrLoad(CommonConfig.DbEngine)) {
+            case COMMON.DB_ENGINES.MONGODB:
                 tenantRepository = new TenantMongoRepository()
                 break;
-            case DbEngine.Sqlite:
-                console.log("TenantServiceFactory DB ENGINE SQLITE")
-                tenantRepository = new TenantSqliteRepository(DbSetupUtils.getDbConfig(), verbose)
+            case COMMON.DB_ENGINES.SQLITE:
+                const dbFile = DraxConfig.getOrLoad(CommonConfig.SqliteDbFile)
+                tenantRepository = new TenantSqliteRepository(dbFile, verbose)
                 break;
+            default:
+                throw new Error("DraxConfig.DB_ENGINE must be one of " + Object.values(COMMON.DB_ENGINES).join(", "));
         }
 
         tenantService = new TenantService(tenantRepository)
@@ -29,4 +29,4 @@ const TenantServiceFactory = (verbose: boolean = false) : TenantService => {
     return tenantService
 }
 
- export default TenantServiceFactory
+export default TenantServiceFactory

package/src/factory/UserApiKeyServiceFactory.ts

@@ -0,0 +1,30 @@
+import UserApiKeyMongoRepository from "../repository/mongo/UserApiKeyMongoRepository.js";
+import UserApiKeyService from "../services/UserApiKeyService.js";
+import UserApiKeySqliteRepository from "../repository/sqlite/UserApiKeySqliteRepository.js";
+import {IUserApiKeyRepository} from "../interfaces/IUserApiKeyRepository";
+import {COMMON, CommonConfig, DraxConfig} from "@drax/common-back";
+
+let userService: UserApiKeyService
+
+const UserApiKeyServiceFactory = (verbose: boolean = false): UserApiKeyService => {
+    if (!userService) {
+        let userRepository: IUserApiKeyRepository
+        switch (DraxConfig.getOrLoad(CommonConfig.DbEngine)) {
+            case COMMON.DB_ENGINES.MONGODB:
+                userRepository = new UserApiKeyMongoRepository()
+                break;
+            case COMMON.DB_ENGINES.SQLITE:
+                const dbFile = DraxConfig.getOrLoad(CommonConfig.SqliteDbFile)
+                userRepository = new UserApiKeySqliteRepository(dbFile, verbose)
+                break;
+            default:
+                throw new Error("DraxConfig.DB_ENGINE must be one of " + Object.values(COMMON.DB_ENGINES).join(", "));
+        }
+
+        userService = new UserApiKeyService(userRepository)
+    }
+
+    return userService
+}
+
+export default UserApiKeyServiceFactory

package/src/factory/UserServiceFactory.ts

@@ -1,23 +1,24 @@
 import UserMongoRepository from "../repository/mongo/UserMongoRepository.js";
 import UserService from "../services/UserService.js";
 import UserSqliteRepository from "../repository/sqlite/UserSqliteRepository.js";
-import {DbEngine, DbSetupUtils} from "../utils/DbSetupUtils.js";
 import {IUserRepository} from "../interfaces/IUserRepository";
+import {COMMON, CommonConfig, DraxConfig} from "@drax/common-back";
 
 let userService: UserService
 
 const UserServiceFactory = (verbose:boolean = false) : UserService => {
     if(!userService){
         let userRepository: IUserRepository
-        switch (DbSetupUtils.getDbEngine()) {
-            case DbEngine.Mongo:
-                console.log("UserServiceFactory DB ENGINE MONGODB")
+        switch (DraxConfig.getOrLoad(CommonConfig.DbEngine)) {
+            case COMMON.DB_ENGINES.MONGODB:
                 userRepository = new UserMongoRepository()
                 break;
-            case DbEngine.Sqlite:
-                console.log("UserServiceFactory DB ENGINE SQLITE")
-                userRepository = new UserSqliteRepository(DbSetupUtils.getDbConfig(),verbose)
+            case COMMON.DB_ENGINES.SQLITE:
+                const dbFile = DraxConfig.getOrLoad(CommonConfig.SqliteDbFile)
+                userRepository = new UserSqliteRepository(dbFile,verbose)
                 break;
+            default:
+                throw new Error("DraxConfig.DB_ENGINE must be one of " + Object.values(COMMON.DB_ENGINES).join(", "));
         }
 
         userService = new UserService(userRepository)

package/src/graphql/resolvers/tenant.resolvers.ts

@@ -2,7 +2,6 @@ import TenantServiceFactory from "../../factory/TenantServiceFactory.js";
 import {IdentityPermissions} from "../../permissions/IdentityPermissions.js";
 import {ValidationError, ValidationErrorToGraphQLError} from "@drax/common-back";
 import {GraphQLError} from "graphql";
-import {PermissionService} from "../../services/PermissionService.js";
 import UnauthorizedError from "../../errors/UnauthorizedError.js";
 
 

package/src/graphql/resolvers/user-api-key.resolvers.ts

@@ -0,0 +1,94 @@
+import UserApiKeyServiceFactory from "../../factory/UserApiKeyServiceFactory.js";
+import {IdentityPermissions} from "../../permissions/IdentityPermissions.js";
+import {ValidationError, ValidationErrorToGraphQLError} from "@drax/common-back";
+import {GraphQLError} from "graphql";
+import UnauthorizedError from "../../errors/UnauthorizedError.js";
+import * as crypto from "node:crypto";
+
+
+export default {
+    Query: {
+        paginateUserApiKey: async (_, {options= {page:1, limit:5, orderBy:"", orderDesc:false, search:"", filters: []} }, {rbac, authUser}) => {
+            try {
+                rbac.assertAuthenticated()
+
+
+                rbac.assertOrPermissions([
+                    IdentityPermissions.ViewUserApiKey,
+                    IdentityPermissions.ViewMyUserApiKey
+                ])
+
+                if(!Array.isArray(options.filters)){
+                    options.filters = []
+                }
+
+                if(!rbac.hasPermission(IdentityPermissions.ViewUserApiKey)){
+                    options.filters.push({field: "user", operator: "eq", value: rbac.authUser.id})
+                }
+
+                const userApiKeyService = UserApiKeyServiceFactory()
+                return await userApiKeyService.paginate(options)
+            } catch (e) {
+                console.error("paginateUserApiKey",e)
+                if (e instanceof UnauthorizedError) {
+                    throw new GraphQLError(e.message)
+                }
+                throw new GraphQLError('error.server')
+            }
+        }
+    },
+    Mutation: {
+        createUserApiKey: async (_, {input}, {rbac}) => {
+            try {
+                rbac.assertPermission(IdentityPermissions.CreateUserApiKey)
+                input.user = rbac.authUser.id
+                input.secret = crypto.randomUUID()
+                const userApiKeyService = UserApiKeyServiceFactory(true)
+                return await userApiKeyService.create(input)
+            } catch (e) {
+                console.error("createUserApiKey",e)
+                if (e instanceof ValidationError) {
+                    throw ValidationErrorToGraphQLError(e)
+                }
+                if (e instanceof UnauthorizedError) {
+                    throw new GraphQLError(e.message)
+                }
+                throw new GraphQLError('error.server')
+            }
+
+        },
+        updateUserApiKey: async (_, {id, input}, {rbac}) => {
+            try {
+                rbac.assertPermission(IdentityPermissions.UpdateUserApiKey)
+                const userApiKeyService = UserApiKeyServiceFactory()
+                return await userApiKeyService.update(id, input)
+            } catch (e) {
+                console.error("updateUserApiKey",e)
+                if (e instanceof ValidationError) {
+                    throw ValidationErrorToGraphQLError(e)
+                }
+                if (e instanceof UnauthorizedError) {
+                    throw new GraphQLError(e.message)
+                }
+                throw new GraphQLError('error.server')
+            }
+        },
+        deleteUserApiKey: async (_, {id}, {rbac}) => {
+            try {
+                rbac.assertPermission(IdentityPermissions.DeleteUserApiKey)
+                const userApiKeyService = UserApiKeyServiceFactory()
+                return await userApiKeyService.delete(id)
+            } catch (e) {
+                console.error("deleteUserApiKey",e)
+                if (e instanceof ValidationError) {
+                    throw ValidationErrorToGraphQLError(e)
+                }
+                if (e instanceof UnauthorizedError) {
+                    throw new GraphQLError(e.message)
+                }
+                throw new GraphQLError('error.server')
+            }
+
+        }
+    }
+}

package/src/graphql/resolvers/user.resolvers.ts

@@ -20,7 +20,7 @@ export default {
                 if (authUser) {
                     let userService = UserServiceFactory()
                     let user = await userService.findById(authUser.id)
-                    delete user.password
+                    user.password = undefined
                     return user
                 }
                 throw new UnauthorizedError()
@@ -34,7 +34,9 @@ export default {
             try {
                 rbac.assertPermission(IdentityPermissions.ViewUser)
                 let userService = UserServiceFactory()
-                return await userService.findById(id)
+                let user =  await userService.findById(id)
+                user.password = undefined
+                return user
             } catch (e) {
                 if (e instanceof UnauthorizedError) {
                     throw new GraphQLError(e.message)
@@ -47,6 +49,11 @@ export default {
             try {
                 rbac.assertPermission(IdentityPermissions.ViewUser)
                 let userService = UserServiceFactory()
+
+                if(!options.filters){
+                    options.filters = []
+                }
+
                 if (rbac.getAuthUser.tenantId) {
                     options.filters.push({field: 'tenant', operator: '$eq', value: rbac.getAuthUser.tenantId})
                 }

package/src/graphql/types/userApiKey.graphql

@@ -0,0 +1,33 @@
+type UserApiKey {
+    id: ID!
+    name: String
+    secret: String
+    ipv4: [String]
+    ipv6: [String]
+    user: User
+    createdAt: Date
+    updatedAt: Date
+}
+
+type UserApiKeyPaginated{
+    total: Int
+    page: Int
+    limit: Int
+    items: [UserApiKey]
+}
+
+type Query{
+    paginateUserApiKey(options: PaginateOptions): UserApiKeyPaginated
+}
+
+input UserApiKeyInput{
+    name: String
+    ipv4: [String]
+    ipv6: [String]
+}
+
+type Mutation{
+    createUserApiKey(input: UserApiKeyInput): UserApiKey
+    updateUserApiKey(id: ID!, input: UserApiKeyInput): UserApiKey
+    deleteUserApiKey(id: ID!): Boolean
+}

package/src/index.ts

@@ -2,18 +2,24 @@ import GraphqlMerge from "./graphql/index.js"
 import UserServiceFactory from "./factory/UserServiceFactory.js";
 import RoleServiceFactory from "./factory/RoleServiceFactory.js";
 import TenantServiceFactory from "./factory/TenantServiceFactory.js";
+
 import RoleService from "./services/RoleService.js";
 import UserService from "./services/UserService.js";
 import TenantService from "./services/TenantService.js";
 import PermissionService from "./services/PermissionService.js";
+
 import Rbac from "./rbac/Rbac.js";
+
 import {UserRoutes} from "./routes/UserRoutes.js";
 import {UserAvatarRoutes} from "./routes/UserAvatarRoutes.js";
 import {RoleRoutes} from "./routes/RoleRoutes.js";
 import {TenantRoutes} from "./routes/TenantRoutes.js";
+import {UserApiKeyRoutes} from "./routes/UserApiKeyRoutes.js";
+
 import AuthUtils from "./utils/AuthUtils.js";
 import {jwtMiddleware} from "./middleware/jwtMiddleware.js";
 import {rbacMiddleware} from "./middleware/rbacMiddleware.js";
+import {apiKeyMiddleware} from "./middleware/apiKeyMiddleware.js";
 
 import IdentityPermissions from "./permissions/IdentityPermissions.js";
 import IdentityConfig from "./config/IdentityConfig.js";
@@ -29,6 +35,7 @@ import RecoveryUserPassword from "./setup/RecoveryUserPassword.js";
 import type {IRoleRepository} from "./interfaces/IRoleRepository";
 import type {ITenantRepository} from "./interfaces/ITenantRepository";
 import type {IUserRepository} from "./interfaces/IUserRepository";
+import type {IUserApiKeyRepository} from "./interfaces/IUserApiKeyRepository";
 
 
 const graphqlMergeResult = await GraphqlMerge()
@@ -40,6 +47,7 @@ export type {
     IRoleRepository,
     ITenantRepository,
     IUserRepository,
+    IUserApiKeyRepository
 }
 
 export {
@@ -64,12 +72,14 @@ export {
     RoleRoutes,
     TenantRoutes,
     UserAvatarRoutes,
+    UserApiKeyRoutes,
 
     AuthUtils,
 
     //API MIDDLEWARE
     jwtMiddleware,
     rbacMiddleware,
+    apiKeyMiddleware,
 
     //Permissions
     IdentityPermissions,

package/src/interfaces/IUserApiKeyRepository.ts

@@ -0,0 +1,8 @@
+import {IUserApiKey, IUserApiKeyBase} from '@drax/identity-share'
+import {IDraxCrud} from "@drax/common-share";
+
+interface IUserApiKeyRepository extends IDraxCrud<IUserApiKey, IUserApiKeyBase, IUserApiKeyBase>{
+    findBySecret(username: string): Promise<IUserApiKey | null>;
+}
+
+export {IUserApiKeyRepository}

package/src/middleware/apiKeyMiddleware.ts

@@ -0,0 +1,35 @@
+import {IUserApiKey} from "@drax/identity-share";
+import {DraxCache, DraxConfig} from "@drax/common-back";
+import UserApiKeyServiceFactory from "../factory/UserApiKeyServiceFactory.js";
+import IdentityConfig from "../config/IdentityConfig.js";
+
+const cacheTTL = DraxConfig.getOrLoad(IdentityConfig.ApiKeyCacheTTL) ? parseInt(DraxConfig.getOrLoad(IdentityConfig.ApiKeyCacheTTL)) : 10000;
+const draxCache = new DraxCache<IUserApiKey>(cacheTTL);
+
+
+async function userApiKeyLoader(k):Promise<IUserApiKey | null> {
+    const userApiKeyService = UserApiKeyServiceFactory()
+    const userApiKey: IUserApiKey = await userApiKeyService.findBySecret(k)
+    return userApiKey
+}
+
+async function apiKeyMiddleware (request, reply) {
+        try{
+            const apiKey = request.headers['x-api-key']
+            if(apiKey){
+                const userApiKey = await draxCache.getOrLoad(apiKey, userApiKeyLoader)
+                if(userApiKey && userApiKey.user){
+                    request.authUser = userApiKey.user
+                    request.authUser.roleId = userApiKey.user.role.id
+                    request.authUser.tenantId = userApiKey.user.tenant.id
+                }
+            }
+            return
+        }catch (e) {
+            console.error(e)
+            reply.code(500).send({ error: 'APIKEY ERROR' });
+        }
+}
+
+export default apiKeyMiddleware;
+export {apiKeyMiddleware}

package/src/middleware/rbacMiddleware.ts

@@ -16,10 +16,9 @@ async function roleLoader(k):Promise<IRole | null> {
 
 async function rbacMiddleware (request, reply) {
         try{
-            //console.log("rbacMiddleware authUser",request.authUser)
             if(request.authUser as IJwtUser){
                 const authUser = request.authUser
-                const cacheKey= authUser.roleId
+                const cacheKey = authUser.roleId
                 const role = await draxCache.getOrLoad(cacheKey, roleLoader)
                 const rbac = new Rbac(authUser,role)
                 request.rbac = rbac

package/src/models/UserApiKeyModel.ts

@@ -0,0 +1,59 @@
+import {mongoose, MongooseSoftDelete} from '@drax/common-back';
+import {IUserApiKey} from "@drax/identity-share";
+import uniqueValidator from 'mongoose-unique-validator';
+import mongoosePaginate from 'mongoose-paginate-v2'
+import {PaginateModel} from "mongoose";
+
+// Defining user Mongoose Schema
+const UserApiKeySchema = new mongoose.Schema<IUserApiKey>({
+    name: {
+        type: String,
+        unique: false,
+        required: true,
+        index: false,
+    },
+    secret: {
+        type: String,
+        unique: false,
+        required: true,
+        index: true,
+    },
+    user: {
+        type: mongoose.Schema.Types.ObjectId,
+        ref: 'User',
+        required: true,
+    },
+    ipv4: [{
+        type: String,
+        unique: false,
+        required: false,
+        index: false,
+    }],
+    ipv6: [{
+        type: String,
+        unique: false,
+        required: false,
+        index: false,
+    }],
+}, {timestamps: true});
+
+UserApiKeySchema.set('toJSON', {getters: true});
+
+UserApiKeySchema.plugin(uniqueValidator, {message: 'validation.unique'});
+
+UserApiKeySchema.plugin(MongooseSoftDelete);
+UserApiKeySchema.plugin(mongoosePaginate);
+
+const MODEL_NAME = 'UserApiKey';
+const COLLECTION_NAME = 'userApiKeys';
+
+const UserApiKeyModel = mongoose.model<IUserApiKey,PaginateModel<IUserApiKey>>(MODEL_NAME, UserApiKeySchema,COLLECTION_NAME);
+
+
+export {
+    UserApiKeySchema,
+    UserApiKeyModel
+}
+
+export default UserApiKeyModel
+

package/src/permissions/IdentityPermissions.ts

@@ -7,6 +7,13 @@ enum IdentityPermissions {
     ViewUser = "user:view",
     ManageUser = "user:manage",
 
+    CreateUserApiKey = "userApiKey:create",
+    UpdateUserApiKey = "userApiKey:update",
+    DeleteUserApiKey = "userApiKey:delete",
+    ViewUserApiKey = "userApiKey:view",
+    ViewMyUserApiKey = "userApiKey:myView",
+    ManageUserApiKey = "userApiKey:manage",
+
     CreateRole = "role:create",
     UpdateRole = "role:update",
     DeleteRole = "role:delete",

package/src/rbac/Rbac.ts

@@ -1,7 +1,7 @@
 import {IJwtUser, IRole} from "@drax/identity-share";
 import UnauthorizedError from "../errors/UnauthorizedError.js";
 
-class Rbac{
+class Rbac {
     private role: IRole;
     private authUser: IJwtUser;
 
@@ -27,11 +27,22 @@ class Rbac{
     }
 
     assertPermission(requiredPermission: string) {
-        if(!this.hasPermission(requiredPermission)){
+        if (!this.hasPermission(requiredPermission)) {
             throw new UnauthorizedError()
         }
     }
 
+    assertOrPermissions(requiredPermissions: string[]) {
+
+        for(let requiredPermission of requiredPermissions){
+            if (this.hasPermission(requiredPermission)) {
+                return true
+            }
+        }
+
+        throw new UnauthorizedError()
+    }
+
     assertAuthenticated() {
         if (!this.authUser) {
             throw new UnauthorizedError()