npm - @ozdao/prometheus-framework - Versions diffs - 0.2.125 → 0.2.127 - Mend

@ozdao/prometheus-framework 0.2.125 → 0.2.127

Files changed (190) hide show

package/dist/auth.server.js CHANGED Viewed

@@ -50,6 +50,8 @@ const { verifyAppleIdToken } = verifyAppleIdToken_1;
 const controllerFactory$3 = (db) => {
   const User = db.user;
   const Membership = db.membership;
+  const Department = db.department;
+  const Organization = db.organization;
   const Invite = db.invite;
   const Role = db.role;
   const signin = async (req, res) => {
@@ -221,10 +223,60 @@ const controllerFactory$3 = (db) => {
       return res.status(500).send({ message: err.message });
     }
   };
+  const checkAccesses = async (req, res) => {
+    try {
+      const uid = new db.mongoose.Types.ObjectId(req.userId);
+      const depts = await Department.find({ "members.user": uid });
+      const ownedOrgs = await Organization.find({ owner: uid });
+      const ownedOrgIds = ownedOrgs.map((org) => org._id.toString());
+      const accesses = {};
+      depts.forEach((dept) => {
+        const orgId = dept.organization.toString();
+        if (!accesses[orgId]) {
+          accesses[orgId] = {
+            organization: orgId,
+            rights: {}
+          };
+        }
+        const existingAccess = accesses[orgId].rights;
+        Object.keys(dept.accesses).forEach((key) => {
+          if (!existingAccess[key]) {
+            existingAccess[key] = {};
+          }
+          const rights = dept.accesses[key];
+          Object.keys(rights).forEach((right) => {
+            existingAccess[key][right] = existingAccess[key][right] || rights[right];
+          });
+        });
+      });
+      ownedOrgIds.forEach((orgId) => {
+        if (!accesses[orgId]) {
+          accesses[orgId] = {
+            organization: orgId,
+            rights: {}
+          };
+        }
+        Object.keys(depts[0].accesses).forEach((key) => {
+          if (!accesses[orgId].rights[key]) {
+            accesses[orgId].rights[key] = {};
+          }
+          Object.keys(depts[0].accesses[key]).forEach((right) => {
+            accesses[orgId].rights[key][right] = true;
+          });
+        });
+      });
+      const accessArray = Object.values(accesses);
+      res.status(200).json(accessArray);
+    } catch (err) {
+      console.error("Error getting accesses:", err);
+      res.status(500).json({ message: "Internal server error" });
+    }
+  };
   return {
     signin,
     signup,
-    updatePassword
+    updatePassword,
+    checkAccesses
   };
 };
 var auth_controller = controllerFactory$3;
@@ -263,7 +315,7 @@ const middlewareFactory$1 = index.server;
 var auth_routes = function(app, db, origins) {
   const controller = controllerFactory$1(db);
   const controllerTwofa = controllerFactoryTwofa();
-  const { verifySignUp, verifyUser } = middlewareFactory$1(db);
+  const { verifySignUp, verifyUser, authJwt } = middlewareFactory$1(db);
   app.post(
     "/api/auth/signup",
     [
@@ -287,6 +339,13 @@ var auth_routes = function(app, db, origins) {
     "/api/auth/update-password",
     controller.updatePassword
   );
+  app.get(
+    "/api/auth/check-accesses",
+    [
+      authJwt.verifyToken
+    ],
+    controller.checkAccesses
+  );
 };
 const controllerFactory = twofa_controller;
 const middlewareFactory = index.server;

package/dist/auth.server.mjs CHANGED Viewed

@@ -49,6 +49,8 @@ const { verifyAppleIdToken } = verifyAppleIdToken_1;
 const controllerFactory$3 = (db) => {
   const User = db.user;
   const Membership = db.membership;
+  const Department = db.department;
+  const Organization = db.organization;
   const Invite = db.invite;
   const Role = db.role;
   const signin = async (req, res) => {
@@ -220,10 +222,60 @@ const controllerFactory$3 = (db) => {
       return res.status(500).send({ message: err.message });
     }
   };
+  const checkAccesses = async (req, res) => {
+    try {
+      const uid = new db.mongoose.Types.ObjectId(req.userId);
+      const depts = await Department.find({ "members.user": uid });
+      const ownedOrgs = await Organization.find({ owner: uid });
+      const ownedOrgIds = ownedOrgs.map((org) => org._id.toString());
+      const accesses = {};
+      depts.forEach((dept) => {
+        const orgId = dept.organization.toString();
+        if (!accesses[orgId]) {
+          accesses[orgId] = {
+            organization: orgId,
+            rights: {}
+          };
+        }
+        const existingAccess = accesses[orgId].rights;
+        Object.keys(dept.accesses).forEach((key) => {
+          if (!existingAccess[key]) {
+            existingAccess[key] = {};
+          }
+          const rights = dept.accesses[key];
+          Object.keys(rights).forEach((right) => {
+            existingAccess[key][right] = existingAccess[key][right] || rights[right];
+          });
+        });
+      });
+      ownedOrgIds.forEach((orgId) => {
+        if (!accesses[orgId]) {
+          accesses[orgId] = {
+            organization: orgId,
+            rights: {}
+          };
+        }
+        Object.keys(depts[0].accesses).forEach((key) => {
+          if (!accesses[orgId].rights[key]) {
+            accesses[orgId].rights[key] = {};
+          }
+          Object.keys(depts[0].accesses[key]).forEach((right) => {
+            accesses[orgId].rights[key][right] = true;
+          });
+        });
+      });
+      const accessArray = Object.values(accesses);
+      res.status(200).json(accessArray);
+    } catch (err) {
+      console.error("Error getting accesses:", err);
+      res.status(500).json({ message: "Internal server error" });
+    }
+  };
   return {
     signin,
     signup,
-    updatePassword
+    updatePassword,
+    checkAccesses
   };
 };
 var auth_controller = controllerFactory$3;
@@ -262,7 +314,7 @@ const middlewareFactory$1 = server;
 var auth_routes = function(app, db, origins) {
   const controller = controllerFactory$1(db);
   const controllerTwofa = controllerFactoryTwofa();
-  const { verifySignUp, verifyUser } = middlewareFactory$1(db);
+  const { verifySignUp, verifyUser, authJwt } = middlewareFactory$1(db);
   app.post(
     "/api/auth/signup",
     [
@@ -286,6 +338,13 @@ var auth_routes = function(app, db, origins) {
     "/api/auth/update-password",
     controller.updatePassword
   );
+  app.get(
+    "/api/auth/check-accesses",
+    [
+      authJwt.verifyToken
+    ],
+    controller.checkAccesses
+  );
 };
 const controllerFactory = twofa_controller;
 const middlewareFactory = server;

package/dist/gallery.server.js CHANGED Viewed

@@ -113,28 +113,80 @@ const controllerFactory$1 = (db) => {
   };
 };
 var gallery_controller = controllerFactory$1;
+const middlewareFactory = (db) => {
+  db.user;
+  const Organization = db.organization;
+  const Department = db.department;
+  const verifyRead = (resource) => {
+    return async (req, res, next) => {
+      try {
+        const ownerOrgId = new db.mongoose.Types.ObjectId(req.query.owner);
+        ;
+        const userId = new db.mongoose.Types.ObjectId(req.userId);
+        const isOwnerOfOrg = await Organization.exists({
+          _id: ownerOrgId,
+          owner: userId
+        });
+        if (isOwnerOfOrg) {
+          return next();
+        }
+        const isMemberOfOrg = await Department.exists({
+          organization: ownerOrgId,
+          "members.user": userId
+        });
+        if (!isMemberOfOrg) {
+          req.query.status = "published";
+        } else {
+          const departments = await Department.find({ organization: ownerOrgId });
+          let hasAccess = false;
+          for (const department of departments) {
+            const accessRights = department.accesses[resource];
+            if (accessRights && accessRights.read) {
+              hasAccess = true;
+              break;
+            }
+          }
+          if (!hasAccess) {
+            req.query.status = "published";
+          }
+        }
+        next();
+      } catch (err) {
+        console.error("Access control error:", err);
+        return res.status(403).json({ error: "Access denied" });
+      }
+    };
+  };
+  return {
+    verifyRead
+  };
+};
+var verifyAccesses = middlewareFactory;
 const controllerFactory = gallery_controller;
 const middlewareFactoryGlobal = index.server;
+const middlewareFactoryAccesses = verifyAccesses;
 var gallery_routes = function(app, db, origins) {
   const controller = controllerFactory(db);
   const { authJwt } = middlewareFactoryGlobal(db);
+  const { verifyRead } = middlewareFactoryAccesses(db);
   app.get(
     "/api/gallery/read",
+    [
+      authJwt.verifyToken,
+      verifyRead("gallery")
+    ],
     controller.read
   );
   app.post(
     "/api/gallery/create",
-    [authJwt.verifyToken],
     controller.create
   );
   app.put(
     "/api/gallery/update",
-    [authJwt.verifyToken],
     controller.update
   );
   app.delete(
     "/api/gallery/delete/:_id",
-    [authJwt.verifyToken],
     controller.delete
   );
 };

package/dist/gallery.server.mjs CHANGED Viewed

@@ -112,28 +112,80 @@ const controllerFactory$1 = (db) => {
   };
 };
 var gallery_controller = controllerFactory$1;
+const middlewareFactory = (db) => {
+  db.user;
+  const Organization = db.organization;
+  const Department = db.department;
+  const verifyRead = (resource) => {
+    return async (req, res, next) => {
+      try {
+        const ownerOrgId = new db.mongoose.Types.ObjectId(req.query.owner);
+        ;
+        const userId = new db.mongoose.Types.ObjectId(req.userId);
+        const isOwnerOfOrg = await Organization.exists({
+          _id: ownerOrgId,
+          owner: userId
+        });
+        if (isOwnerOfOrg) {
+          return next();
+        }
+        const isMemberOfOrg = await Department.exists({
+          organization: ownerOrgId,
+          "members.user": userId
+        });
+        if (!isMemberOfOrg) {
+          req.query.status = "published";
+        } else {
+          const departments = await Department.find({ organization: ownerOrgId });
+          let hasAccess = false;
+          for (const department of departments) {
+            const accessRights = department.accesses[resource];
+            if (accessRights && accessRights.read) {
+              hasAccess = true;
+              break;
+            }
+          }
+          if (!hasAccess) {
+            req.query.status = "published";
+          }
+        }
+        next();
+      } catch (err) {
+        console.error("Access control error:", err);
+        return res.status(403).json({ error: "Access denied" });
+      }
+    };
+  };
+  return {
+    verifyRead
+  };
+};
+var verifyAccesses = middlewareFactory;
 const controllerFactory = gallery_controller;
 const middlewareFactoryGlobal = server;
+const middlewareFactoryAccesses = verifyAccesses;
 var gallery_routes = function(app, db, origins) {
   const controller = controllerFactory(db);
   const { authJwt } = middlewareFactoryGlobal(db);
+  const { verifyRead } = middlewareFactoryAccesses(db);
   app.get(
     "/api/gallery/read",
+    [
+      authJwt.verifyToken,
+      verifyRead("gallery")
+    ],
     controller.read
   );
   app.post(
     "/api/gallery/create",
-    [authJwt.verifyToken],
     controller.create
   );
   app.put(
     "/api/gallery/update",
-    [authJwt.verifyToken],
     controller.update
   );
   app.delete(
     "/api/gallery/delete/:_id",
-    [authJwt.verifyToken],
     controller.delete
   );
 };