@ozdao/prometheus-framework 0.2.125 → 0.2.127

package/src/components/Feed/Feed.vue

@@ -227,7 +227,6 @@ const loadMoreItems = async () => {
 };
 
 const fetchItems = async () => {
-  console.log('Date is', date.value)
   const data = await props.store.read({
     skip: currentSkip.value,
     limit: currentLimit.value,
@@ -255,12 +254,14 @@ const fetchItems = async () => {
 
 watch(() => props.external, (newVal, oldVal) => {
   if (newVal !== oldVal) {
+     currentSkip.value = 0
     fetchItems();
   }
 }, { deep: true });
 
 watch(() => date.value, (newVal, oldVal) => {
   if (newVal !== oldVal) {
+     currentSkip.value = 0
     fetchItems();
   }
 }, { deep: true });
@@ -268,6 +269,7 @@ watch(() => date.value, (newVal, oldVal) => {
 watch(() => sort.value?.order, (newVal, oldVal) => {
 
   if (newVal !== oldVal) {
+     currentSkip.value = 0
     fetchItems();
   }
 }, { deep: true });
@@ -275,6 +277,7 @@ watch(() => sort.value?.order, (newVal, oldVal) => {
 watch(() => sort.value?.param, (newVal, oldVal) => {
 
   if (newVal !== oldVal) {
+     currentSkip.value = 0
     fetchItems();
   }
 }, { deep: true });
@@ -292,6 +295,7 @@ watch(() => props.options, (newVal, oldVal) => {
     newVal.type !== oldVal.type ||
     newVal.tags !== oldVal.tags
   ) {
+    currentSkip.value = 0
     fetchItems();
   }
 }, { deep: true });

package/src/modules/auth/controllers/auth.controller.js

@@ -10,6 +10,8 @@ const controllerFactory = (db) => {
 
   const User = db.user;
   const Membership = db.membership;
+  const Department = db.department;
+  const Organization = db.organization;
   const Invite = db.invite;
   const Role = db.role;
 
@@ -146,7 +148,7 @@ const controllerFactory = (db) => {
 
       const newMembership = new Membership({
         type: 'organization',
-         user: new ObjectId(user._id),
+        user: new ObjectId(user._id),
         target: new ObjectId(invite.owner.target),
         role: invite.role,
         label: invite.role
@@ -223,11 +225,75 @@ const controllerFactory = (db) => {
     }
   };
 
+  const checkAccesses = async (req, res) => {
+    try {
+      const uid = new db.mongoose.Types.ObjectId(req.userId);
+      const depts = await Department.find({ 'members.user': uid });
+
+      // Fetch organizations where the user is the owner
+      const ownedOrgs = await Organization.find({ owner: uid });
+      const ownedOrgIds = ownedOrgs.map(org => org._id.toString());
+
+      const accesses = {};
+
+      depts.forEach(dept => {
+        const orgId = dept.organization.toString();
+
+        if (!accesses[orgId]) {
+          accesses[orgId] = {
+            organization: orgId,
+            rights: {}
+          };
+        }
+
+        const existingAccess = accesses[orgId].rights;
+
+        Object.keys(dept.accesses).forEach(key => {
+          if (!existingAccess[key]) {
+            existingAccess[key] = {};
+          }
+
+          const rights = dept.accesses[key];
+
+          Object.keys(rights).forEach(right => {
+            existingAccess[key][right] = existingAccess[key][right] || rights[right];
+          });
+        });
+      });
+
+      // Grant all accesses as true if the user is the owner of the organization
+      ownedOrgIds.forEach(orgId => {
+        if (!accesses[orgId]) {
+          accesses[orgId] = {
+            organization: orgId,
+            rights: {}
+          };
+        }
+
+        Object.keys(depts[0].accesses).forEach(key => {
+          if (!accesses[orgId].rights[key]) {
+            accesses[orgId].rights[key] = {};
+          }
+
+          Object.keys(depts[0].accesses[key]).forEach(right => {
+            accesses[orgId].rights[key][right] = true;
+          });
+        });
+      });
+
+      const accessArray = Object.values(accesses);
+      res.status(200).json(accessArray);
+    } catch (err) {
+      console.error('Error getting accesses:', err);
+      res.status(500).json({ message: 'Internal server error' });
+    }
+  };
 
   return {
     signin,
     signup,
-    updatePassword
+    updatePassword,
+    checkAccesses
   };
 };
 

package/src/modules/auth/routes/auth.routes.js

@@ -8,7 +8,7 @@ module.exports = function(app, db, origins) {
   const controller = controllerFactory(db);
   const controllerTwofa = controllerFactoryTwofa(db);
 
-  const { verifySignUp, verifyUser } = middlewareFactory(db);
+  const { verifySignUp, verifyUser, authJwt } = middlewareFactory(db);
   
   app.post(
     "/api/auth/signup",
@@ -37,4 +37,11 @@ module.exports = function(app, db, origins) {
     controller.updatePassword
   );
 
+  app.get(
+    "/api/auth/check-accesses",
+    [
+      authJwt.verifyToken,
+    ],
+     controller.checkAccesses
+  );
 };

package/src/modules/auth/store/auth.js

@@ -26,28 +26,40 @@
       token: null,
       status: false
     },
+    accesses: [
+    ]
   });
 
   async function initialize() {
-
+  try {
     const userCookie = await getCookie('user');
 
     if (userCookie) {
       const { _id, email, phone, roles, accessToken } = userCookie;
 
-      Object.assign(state.user, { _id, email, phone });
-      Object.assign(state.access, { token: accessToken, roles, status: !!accessToken });
-
-      $axios.interceptors.request.use((config) => {
-        if (accessToken) {
-          config.headers['x-access-token'] = accessToken;
-        }
+      // Установка токена в Axios интерцептор для всех запросов
+      axios.interceptors.request.use(config => {
+        config.headers['x-access-token'] = accessToken;
         return config;
-      }, (error) => {
+      }, error => {
         return Promise.reject(error);
       });
+
+      // Проверка токена через серверный маршрут
+      const response = await axios.get('/api/auth/check-accesses');
+      const userAccesses = response.data;
+
+      // Обновление состояния приложения с информацией о пользователе и его правах доступа
+      Object.assign(state.user, { _id, email, phone });
+      Object.assign(state.access, { token: accessToken, roles, status: !!accessToken });
+      state.accesses = userAccesses;
     }
+  } catch (error) {
+    console.error('Error initializing app:', error);
+    removeCookie('user'); 
+    state.accesses = [];
   }
+}
 
   initialize();
 

package/src/modules/backoffice/components/pages/Dashboard.vue

@@ -6,6 +6,7 @@
 			class="bg-light mn-b-semi"
 		>
 			<MenuItem 
+				v-if="hasAccess(route.params._id, 'members', 'read', auth.state.accesses)"
 		  	@click="router.push({
 		  		name: 'Organization Members', 
 		  		params: {
@@ -34,6 +35,7 @@
 		  </MenuItem> -->
 
 		  <MenuItem 
+		  	v-if="hasAccess(route.params._id, 'products', 'read', auth.state.accesses)"
 		  	@click="router.push({
 		  		name: 'Products', 
 		  		params: {
@@ -48,6 +50,7 @@
 		  </MenuItem>
 
 		  <MenuItem 
+		  	v-if="hasAccess(route.params._id, 'leftovers', 'read', auth.state.accesses)"
 		  	@click="router.push({
 		  		name: 'Leftovers', 
 		  		params: {
@@ -62,6 +65,7 @@
 		  </MenuItem>
 
 		  <MenuItem 
+		  	v-if="hasAccess(route.params._id, 'orders', 'read', auth.state.accesses)"
 		  	@click="router.push({
 		  		name: 'Backoffice Orders', 
 		  		params: {
@@ -76,6 +80,7 @@
 		  </MenuItem>
 
 		  <MenuItem 
+		  	v-if="hasAccess(route.params._id, 'gallery', 'read', auth.state.accesses)"
 		  	@click="router.push({
 		  		name: 'Backoffice Gallery', 
 		  		params: {
@@ -90,6 +95,7 @@
 		  </MenuItem>
 		  
 		  <MenuItem 
+		  	v-if="hasAccess(route.params._id, 'events', 'read', auth.state.accesses)"
 		  	@click="router.push({
 		  		name: 'Backoffice Events', 
 		  		params: {

package/src/modules/gallery/gallery.client.js

@@ -1,4 +1,4 @@
-import * as galleryStore from './store/gallery.js';
+import galleryStore from './store/gallery.js';
 
 // Importing Vue Router routes from the router directory
 import galleryRouter from './router/gallery.router.js';

package/src/modules/gallery/routes/gallery.routes.js

@@ -2,32 +2,36 @@
 const controllerFactory = require("../controllers/gallery.controller");
 // Middlewares
 const middlewareFactoryGlobal = require('@pf/src/modules/middlewares/server');
+const middlewareFactoryAccesses = require('@pf/src/modules/middlewares/server/verifyAccesses')
 
 module.exports = function(app, db, origins) {
   const controller = controllerFactory(db);
 
   const { authJwt } = middlewareFactoryGlobal(db);
+  const { verifyRead } = middlewareFactoryAccesses(db)
+
 
   app.get(
     "/api/gallery/read",
+    [
+      authJwt.verifyToken,
+      verifyRead('gallery'),
+    ],
     controller.read
   );
   
   app.post(
     "/api/gallery/create",
-    [authJwt.verifyToken],
     controller.create
   );
 
   app.put(
     "/api/gallery/update",
-    [authJwt.verifyToken],
     controller.update
   );
 
   app.delete(
     "/api/gallery/delete/:_id",
-    [authJwt.verifyToken],
     controller.delete
   );
 };

package/src/modules/globals/mixins/mixins.js

@@ -1,6 +1,23 @@
 // mixins.js
 export const globalMixins = {
   methods: {
+    hasAccess(organizationId, rightCategory, rightType, accesses) {
+      const accessArray = accesses;
+      
+      const organizationAccess = accessArray.find(access => access.organization === organizationId);
+
+      if (!organizationAccess) {
+        return false;
+      }
+
+      const categoryAccess = organizationAccess.rights[rightCategory];
+
+      if (!categoryAccess) {
+        return false;
+      }
+
+      return categoryAccess[rightType] === true;
+    },
     returnCurrency() {
       const currency = '฿'
       return currency

package/src/modules/marketplace/components/pages/Catalog.vue

@@ -2,7 +2,7 @@
 	<Feed
 		v-model:sort="store.marketplace.state.sort"
     :search="true"
-      :showLoadMore="false"
+    :showLoadMore="false"
     :states="{
       empty: {
         title: 'No Shops Found',

package/src/modules/middlewares/server/verifyAccesses.js

@@ -1,33 +1,110 @@
-const ReadDepartments = require('./accessors/ReadDepartments');
+const middlewareFactory = (db) => {
+  const User = db.user;
+  const Organization = db.organization;
+  const Department = db.department;
 
-module.exports = (db) => {
-  // Объекты посредников
-  const instances = [];
+  const verifyRead = (resource) => {
+    return async (req, res, next) => {
+      try {
+        // Получаем идентификатор организации из запроса
+        const ownerOrgId = new db.mongoose.Types.ObjectId(req.query.owner);;
 
-  // Регистрация посредников отвечающий за проверку прав доступа
-  const middlewares = [
-    ReadDepartments,
-  ];
+        // Получаем текущего пользователя
+        const userId = new db.mongoose.Types.ObjectId(req.userId);
 
-  let nextMiddleware = null;
+        // Проверяем, является ли пользователь владельцем организации
+        const isOwnerOfOrg = await Organization.exists({
+          _id: ownerOrgId,
+          owner: userId
+        });
 
-  // Собираем цепочку посредников
-  for (let i = middlewares.length - 1; i >= 0; i--) {
-    const Middleware = middlewares[i];
-    const middleware = new Middleware();
+        // Если пользователь является владельцем организации, ему разрешен доступ ко всем ресурсам
+        if (isOwnerOfOrg) {
+          return next();
+        }
 
-    // Передаем в посредники параметры
-    middleware.db = db;
+        // Проверяем, является ли пользователь членом организации через департаменты
+        const isMemberOfOrg = await Department.exists({
+          organization: ownerOrgId,
+          'members.user': userId
+        });
 
-    // Добавляем звено следующего посредника
-    middleware.next = nextMiddleware;
 
-    // Добавляем middleware в начало массива.
-    instances.unshift(middleware);
+        if (!isMemberOfOrg) {
+          // Если пользователь не является членом организации, ограничиваем доступ к опубликованным ресурсам
+          req.query.status = 'published';
+        } else {
+          // Пользователь является членом организации, проверяем его права доступа
 
-    nextMiddleware = middleware;
-  }
+          // Находим все департаменты данной организации, к которым относится пользователь
+          const departments = await Department.find({ organization: ownerOrgId });
 
-  // Запускам цепочку зарегестрированных посредников
-  return (rule, entity) => instances[0].check(rule, entity);
+          // Проверяем доступ пользователя ко всем ресурсам
+          let hasAccess = false;
+
+          for (const department of departments) {
+            const accessRights = department.accesses[resource];
+            if (accessRights && accessRights.read) {
+              // Если хотя бы в одном департаменте есть права на чтение ресурса, разрешаем доступ
+              hasAccess = true;
+              break;
+            }
+          }
+
+          if (!hasAccess) {
+            // Если у пользователя нет прав на чтение данного ресурса ни в одном департаменте, ограничиваем доступ к опубликованным ресурсам
+            req.query.status = 'published';
+          }
+        }
+
+        next();
+      } catch (err) {
+        console.error('Access control error:', err);
+        return res.status(403).json({ error: 'Access denied' });
+      }
+    };
+  };
+
+   // Middleware для проверки доступа
+  const verifyModify = (action, resource) => {
+    return async (req, res, next) => {
+      try {
+        const user = req.userId; 
+
+        const department = await Department.findOne({
+          owner: organizationId
+        });
+
+        if (!department) {
+          return res.status(403).json({
+            message: "Access forbidden"
+          });
+        }
+
+        const accesses = department.accesses;
+
+        // Проверяем права доступа пользователя к ресурсу
+        const resourceAccess = accesses[resource];
+        if (!resourceAccess || !resourceAccess[action]) {
+          return res.status(403).json({
+            message: "Access forbidden"
+          });
+        }
+
+        next();
+      } catch (error) {
+        console.error("Access control error:", error);
+        return res.status(500).json({
+          message: "Internal server error"
+        });
+      }
+    };
+  };
+
+
+  return {
+    verifyRead,
+  };
 };
+
+module.exports = middlewareFactory;

package/src/modules/organizations/components/blocks/CardDepartment.vue

@@ -32,7 +32,7 @@
       <ul>
         <li v-if="department.members.length < 1">No members in department</li>
         <User 
-          class="pd-small br-solid br-1px br-black-transp-5 radius-small mn-b-thin" 
+          class="h-4r pd-small br-solid br-1px br-black-transp-5 radius-small mn-b-thin" 
           v-for="(member, index) in department.members" 
           :key="index" 
           :user="member.user" 

package/src/modules/organizations/components/pages/DepartmentEdit.vue

@@ -54,7 +54,7 @@
       class="cols-1 gap-thin mn-b-thin"
     > 
       <CardUser 
-        class="bg-white pd-thin radius-medium w-100" 
+        class="h-4r bg-white pd-thin radius-medium w-100" 
         v-for="(member, index) in departments.state.department.members" 
         :key="index" 
         :user="member.user" 
@@ -110,7 +110,7 @@
             globals.actions.add(departments.state.department.members, { _id: user.user._id, user: user.user, position: 'Member'})
             closeMemberPopup();
           }"
-          class="bg-white pd-thin radius-medium w-100 mn-b-thin"
+          class="h-4r bg-white pd-thin radius-medium w-100 mn-b-thin"
         />
       </Feed>
     </Popup>
@@ -139,6 +139,28 @@
           <p class="p-medium mn-b-small">Please select organization accesses for user in department:</p>
           
           <div class="cols-1 gap-thin">
+            <h4>Gallery</h4>
+            <Checkbox
+              label="Read gallery"
+              name="readProducts"
+              class="w-100 mn-r-small bg-white radius-small pd-small"
+              :radio="departments.state.department.accesses.gallery.read"
+              @update:radio="updated => (departments.state.department.accesses.gallery.read = !departments.state.department.accesses.gallery.read)"
+            />
+            <Checkbox
+              label="Edit gallery"
+              name="editProducts"
+              class="w-100 mn-r-small bg-white radius-small pd-small"
+              :radio="departments.state.department.accesses.gallery.edit"
+              @update:radio="updated => (departments.state.department.accesses.gallery.edit = !departments.state.department.accesses.gallery.edit)"
+            />
+            <Checkbox
+              label="Delete gallery"
+              name="deleteProducts"
+              class="w-100 bg-white radius-small pd-small"
+              :radio="departments.state.department.accesses.gallery.delete"
+              @update:radio="updated => (departments.state.department.accesses.gallery.delete = !departments.state.department.accesses.gallery.delete)"
+            />
             <h4>Products</h4>
             <Checkbox
               label="Read products"

package/src/modules/organizations/components/pages/Members.vue

@@ -151,7 +151,7 @@
               },
               method: () => removeInvite(index, invite)
             }"
-            class="w-100 bg-light radius-big flex-nowrap flex pd-medium"
+            class="h-4r w-100 bg-light radius-big flex-nowrap flex pd-medium"
           />
         </Feed>
       </div>

package/src/modules/organizations/models/department.model.js

@@ -28,6 +28,48 @@ module.exports = (mongoose) => {
     },
 
     accesses: {
+      members: {
+        read: {
+          type: Boolean,
+          default: false,
+        },
+        edit: {
+          type: Boolean,
+          default: false,
+        },
+        delete: {
+          type: Boolean,
+          default: false,
+        },
+      },
+      gallery: {
+        read: {
+          type: Boolean,
+          default: false,
+        },
+        edit: {
+          type: Boolean,
+          default: false,
+        },
+        delete: {
+          type: Boolean,
+          default: false,
+        },
+      },
+      leftovers: {
+        read: {
+          type: Boolean,
+          default: false,
+        },
+        edit: {
+          type: Boolean,
+          default: false,
+        },
+        delete: {
+          type: Boolean,
+          default: false,
+        },
+      },
       products: {
         read: {
           type: Boolean,
@@ -42,7 +84,6 @@ module.exports = (mongoose) => {
           default: false,
         },
       },
-
       orders: {
         read: {
           type: Boolean,
@@ -57,7 +98,6 @@ module.exports = (mongoose) => {
           default: false,
         },
       },
-
       departments: {
         read: {
           type: Boolean,

package/src/modules/organizations/routes/departments.routes.js

@@ -1,19 +1,12 @@
 // Factories
 const controllerFactory = require("../controllers/departments.controller")
-// Middlewares
-const accessMiddlewaresFactory = require('@pf/src/modules/middlewares/server/verifyAccesses')
-
 // Routes
 module.exports = function(app, db) {
   const controller = controllerFactory(db)
-  const verifyAccesses = accessMiddlewaresFactory(db)
-  
+
   // Get organization departments by _id
   app.get(
     "/api/departments/read",
-    // [
-    //   verifyAccesses('read', 'departments'),
-    // ],
     controller.read
   );
 

package/src/modules/organizations/store/departments.js

@@ -34,6 +34,11 @@ const state = reactive({
     // Accesses
     hidden: false,
     accesses: {
+      gallery: {
+        read: false,
+        edit: false,
+        delete: false,
+      },
       products: {
         read: false,
         edit: false,