@ozdao/prometheus-framework 0.2.126 → 0.2.127

Files changed (152) hide show
  1. package/dist/auth.server.js +61 -2
  2. package/dist/auth.server.mjs +61 -2
  3. package/dist/gallery.server.js +55 -3
  4. package/dist/gallery.server.mjs +55 -3
  5. package/dist/main-CF35oB7q.js +92 -0
  6. package/dist/main-CmL_j3wv.mjs +14223 -0
  7. package/dist/organizations.server.js +112 -184
  8. package/dist/organizations.server.mjs +112 -184
  9. package/dist/prometheus-framework/src/components/Block/Block.vue.cjs +1 -1
  10. package/dist/prometheus-framework/src/components/Block/Block.vue.js +1 -1
  11. package/dist/prometheus-framework/src/components/Button/Button.vue.cjs +1 -1
  12. package/dist/prometheus-framework/src/components/Button/Button.vue.js +1 -94
  13. package/dist/prometheus-framework/src/components/Button/Button.vue2.cjs +1 -1
  14. package/dist/prometheus-framework/src/components/Button/Button.vue2.js +94 -1
  15. package/dist/prometheus-framework/src/components/Field/Field.vue.cjs +1 -1
  16. package/dist/prometheus-framework/src/components/Field/Field.vue.js +1 -84
  17. package/dist/prometheus-framework/src/components/Field/Field.vue2.cjs +1 -1
  18. package/dist/prometheus-framework/src/components/Field/Field.vue2.js +84 -1
  19. package/dist/prometheus-framework/src/components/FieldBig/FieldBig.vue.cjs +1 -1
  20. package/dist/prometheus-framework/src/components/FieldBig/FieldBig.vue.js +1 -1
  21. package/dist/prometheus-framework/src/components/Popup/Popup.vue.cjs +1 -1
  22. package/dist/prometheus-framework/src/components/Popup/Popup.vue.js +1 -77
  23. package/dist/prometheus-framework/src/components/Popup/Popup.vue2.cjs +1 -1
  24. package/dist/prometheus-framework/src/components/Popup/Popup.vue2.js +77 -1
  25. package/dist/prometheus-framework/src/components/Tooltip/Tooltip.vue.cjs +1 -1
  26. package/dist/prometheus-framework/src/components/Tooltip/Tooltip.vue.js +1 -45
  27. package/dist/prometheus-framework/src/components/Tooltip/Tooltip.vue2.cjs +1 -1
  28. package/dist/prometheus-framework/src/components/Tooltip/Tooltip.vue2.js +45 -1
  29. package/dist/prometheus-framework/src/modules/auth/components/layouts/Auth.vue.cjs +1 -1
  30. package/dist/prometheus-framework/src/modules/auth/components/layouts/Auth.vue.js +2 -2
  31. package/dist/prometheus-framework/src/modules/auth/components/pages/EnterCode.vue.cjs +1 -1
  32. package/dist/prometheus-framework/src/modules/auth/components/pages/EnterCode.vue.js +1 -1
  33. package/dist/prometheus-framework/src/modules/auth/components/pages/EnterPassword.vue.cjs +1 -1
  34. package/dist/prometheus-framework/src/modules/auth/components/pages/EnterPassword.vue.js +2 -2
  35. package/dist/prometheus-framework/src/modules/auth/components/pages/Invite.vue.cjs +1 -1
  36. package/dist/prometheus-framework/src/modules/auth/components/pages/Invite.vue.js +2 -2
  37. package/dist/prometheus-framework/src/modules/auth/components/pages/ResetPassword.vue.cjs +1 -1
  38. package/dist/prometheus-framework/src/modules/auth/components/pages/ResetPassword.vue.js +2 -2
  39. package/dist/prometheus-framework/src/modules/auth/components/pages/SignIn.vue.cjs +1 -1
  40. package/dist/prometheus-framework/src/modules/auth/components/pages/SignIn.vue.js +2 -2
  41. package/dist/prometheus-framework/src/modules/auth/components/pages/SignUp.vue.cjs +1 -1
  42. package/dist/prometheus-framework/src/modules/auth/components/pages/SignUp.vue.js +2 -2
  43. package/dist/prometheus-framework/src/modules/auth/store/auth.cjs +1 -1
  44. package/dist/prometheus-framework/src/modules/auth/store/auth.js +57 -50
  45. package/dist/prometheus-framework/src/modules/backoffice/components/pages/Dashboard.vue.cjs +1 -1
  46. package/dist/prometheus-framework/src/modules/backoffice/components/pages/Dashboard.vue.js +68 -62
  47. package/dist/prometheus-framework/src/modules/community/components/pages/Community.vue.cjs +1 -1
  48. package/dist/prometheus-framework/src/modules/community/components/pages/Community.vue.js +2 -2
  49. package/dist/prometheus-framework/src/modules/community/components/pages/CreateBlogPost.vue.cjs +1 -1
  50. package/dist/prometheus-framework/src/modules/community/components/pages/CreateBlogPost.vue.js +3 -3
  51. package/dist/prometheus-framework/src/modules/community/components/sections/HotPosts.vue.cjs +1 -1
  52. package/dist/prometheus-framework/src/modules/community/components/sections/HotPosts.vue.js +1 -1
  53. package/dist/prometheus-framework/src/modules/constructor/components/elements/Embed.vue.cjs +1 -1
  54. package/dist/prometheus-framework/src/modules/constructor/components/elements/Embed.vue.js +1 -1
  55. package/dist/prometheus-framework/src/modules/events/components/elements/ButtonCheck.vue.cjs +1 -1
  56. package/dist/prometheus-framework/src/modules/events/components/elements/ButtonCheck.vue.js +2 -2
  57. package/dist/prometheus-framework/src/modules/events/components/elements/ButtonJoin.vue.cjs +1 -1
  58. package/dist/prometheus-framework/src/modules/events/components/elements/ButtonJoin.vue.js +1 -1
  59. package/dist/prometheus-framework/src/modules/events/components/pages/EditEvent.vue.cjs +1 -1
  60. package/dist/prometheus-framework/src/modules/events/components/pages/EditEvent.vue.js +3 -3
  61. package/dist/prometheus-framework/src/modules/events/components/pages/EditEventTickets.vue.cjs +1 -1
  62. package/dist/prometheus-framework/src/modules/events/components/pages/EditEventTickets.vue.js +3 -3
  63. package/dist/prometheus-framework/src/modules/gallery/components/pages/Gallery.vue.cjs +1 -1
  64. package/dist/prometheus-framework/src/modules/gallery/components/pages/Gallery.vue.js +1 -1
  65. package/dist/prometheus-framework/src/modules/gallery/components/sections/BackofficeGallery.vue.cjs +1 -1
  66. package/dist/prometheus-framework/src/modules/gallery/components/sections/BackofficeGallery.vue.js +3 -3
  67. package/dist/prometheus-framework/src/modules/gallery/gallery.client.cjs +1 -1
  68. package/dist/prometheus-framework/src/modules/gallery/gallery.client.js +4 -4
  69. package/dist/prometheus-framework/src/modules/globals/components/blocks/BlockSearch.vue.cjs +1 -1
  70. package/dist/prometheus-framework/src/modules/globals/components/blocks/BlockSearch.vue.js +1 -1
  71. package/dist/prometheus-framework/src/modules/globals/components/blocks/CardHeader.vue.cjs +1 -1
  72. package/dist/prometheus-framework/src/modules/globals/components/blocks/CardHeader.vue.js +2 -2
  73. package/dist/prometheus-framework/src/modules/legal/components/pages/Legal.vue.cjs +1 -1
  74. package/dist/prometheus-framework/src/modules/legal/components/pages/Legal.vue.js +2 -2
  75. package/dist/prometheus-framework/src/modules/orders/components/pages/OrderBackoffice.vue.cjs +1 -1
  76. package/dist/prometheus-framework/src/modules/orders/components/pages/OrderBackoffice.vue.js +1 -1
  77. package/dist/prometheus-framework/src/modules/orders/components/pages/OrderCreateBackoffice.vue.cjs +1 -1
  78. package/dist/prometheus-framework/src/modules/orders/components/pages/OrderCreateBackoffice.vue.js +3 -3
  79. package/dist/prometheus-framework/src/modules/orders/components/sections/FormAddCustomer.vue.cjs +1 -1
  80. package/dist/prometheus-framework/src/modules/orders/components/sections/FormAddCustomer.vue.js +2 -2
  81. package/dist/prometheus-framework/src/modules/orders/components/sections/FormCustomerDetails.vue.cjs +1 -1
  82. package/dist/prometheus-framework/src/modules/orders/components/sections/FormCustomerDetails.vue.js +1 -1
  83. package/dist/prometheus-framework/src/modules/orders/components/sections/FormDelivery.vue.cjs +1 -1
  84. package/dist/prometheus-framework/src/modules/orders/components/sections/FormDelivery.vue.js +1 -1
  85. package/dist/prometheus-framework/src/modules/organizations/components/blocks/CardDepartment.vue.cjs +1 -1
  86. package/dist/prometheus-framework/src/modules/organizations/components/blocks/CardDepartment.vue.js +14 -14
  87. package/dist/prometheus-framework/src/modules/organizations/components/elements/ButtonToggleMembership.vue.cjs +1 -1
  88. package/dist/prometheus-framework/src/modules/organizations/components/elements/ButtonToggleMembership.vue.js +1 -1
  89. package/dist/prometheus-framework/src/modules/organizations/components/pages/DepartmentEdit.vue.cjs +1 -1
  90. package/dist/prometheus-framework/src/modules/organizations/components/pages/DepartmentEdit.vue.js +116 -94
  91. package/dist/prometheus-framework/src/modules/organizations/components/pages/Members.vue.cjs +1 -1
  92. package/dist/prometheus-framework/src/modules/organizations/components/pages/Members.vue.js +3 -3
  93. package/dist/prometheus-framework/src/modules/organizations/components/pages/OrganizationEdit.vue.cjs +1 -1
  94. package/dist/prometheus-framework/src/modules/organizations/components/pages/OrganizationEdit.vue.js +3 -3
  95. package/dist/prometheus-framework/src/modules/organizations/components/sections/Documents.vue.cjs +1 -1
  96. package/dist/prometheus-framework/src/modules/organizations/components/sections/Documents.vue.js +3 -3
  97. package/dist/prometheus-framework/src/modules/organizations/components/sections/MembersAdd.vue.cjs +1 -1
  98. package/dist/prometheus-framework/src/modules/organizations/components/sections/MembersAdd.vue.js +2 -2
  99. package/dist/prometheus-framework/src/modules/organizations/components/sections/Organizations.vue.cjs +1 -1
  100. package/dist/prometheus-framework/src/modules/organizations/components/sections/Organizations.vue.js +3 -3
  101. package/dist/prometheus-framework/src/modules/organizations/store/departments.cjs +1 -1
  102. package/dist/prometheus-framework/src/modules/organizations/store/departments.js +9 -4
  103. package/dist/prometheus-framework/src/modules/products/components/blocks/CardPosition.vue.cjs +1 -1
  104. package/dist/prometheus-framework/src/modules/products/components/blocks/CardPosition.vue.js +1 -1
  105. package/dist/prometheus-framework/src/modules/products/components/blocks/ImagesThumbnails.vue.cjs +1 -1
  106. package/dist/prometheus-framework/src/modules/products/components/blocks/ImagesThumbnails.vue.js +1 -1
  107. package/dist/prometheus-framework/src/modules/products/components/blocks/LeftoverPositions.vue.cjs +1 -1
  108. package/dist/prometheus-framework/src/modules/products/components/blocks/LeftoverPositions.vue.js +1 -1
  109. package/dist/prometheus-framework/src/modules/products/components/blocks/ListPositions.vue.cjs +1 -1
  110. package/dist/prometheus-framework/src/modules/products/components/blocks/ListPositions.vue.js +1 -1
  111. package/dist/prometheus-framework/src/modules/products/components/pages/Categories.vue.cjs +1 -1
  112. package/dist/prometheus-framework/src/modules/products/components/pages/Categories.vue.js +1 -1
  113. package/dist/prometheus-framework/src/modules/products/components/pages/CategoryEdit.vue.cjs +1 -1
  114. package/dist/prometheus-framework/src/modules/products/components/pages/CategoryEdit.vue.js +2 -2
  115. package/dist/prometheus-framework/src/modules/products/components/pages/EditLeftover.vue.cjs +1 -1
  116. package/dist/prometheus-framework/src/modules/products/components/pages/EditLeftover.vue.js +2 -2
  117. package/dist/prometheus-framework/src/modules/products/components/pages/ProductEdit.vue.cjs +1 -1
  118. package/dist/prometheus-framework/src/modules/products/components/pages/ProductEdit.vue.js +3 -3
  119. package/dist/prometheus-framework/src/modules/products/components/sections/EditModifications.vue.cjs +1 -1
  120. package/dist/prometheus-framework/src/modules/products/components/sections/EditModifications.vue.js +1 -1
  121. package/dist/prometheus-framework/src/modules/products/components/sections/EditProductInfo.vue.cjs +1 -1
  122. package/dist/prometheus-framework/src/modules/products/components/sections/EditProductInfo.vue.js +2 -2
  123. package/dist/prometheus-framework/src/modules/products/components/sections/SectionProduct.vue.cjs +1 -1
  124. package/dist/prometheus-framework/src/modules/products/components/sections/SectionProduct.vue.js +1 -1
  125. package/dist/prometheus-framework/src/modules/reports/components/sections/FormReport.vue.cjs +1 -1
  126. package/dist/prometheus-framework/src/modules/reports/components/sections/FormReport.vue.js +2 -2
  127. package/dist/prometheus-framework/src/modules/users/components/pages/Profile.vue.cjs +1 -1
  128. package/dist/prometheus-framework/src/modules/users/components/pages/Profile.vue.js +2 -2
  129. package/dist/prometheus-framework/src/modules/users/components/pages/ProfileEdit.vue.cjs +1 -1
  130. package/dist/prometheus-framework/src/modules/users/components/pages/ProfileEdit.vue.js +2 -2
  131. package/dist/prometheus-framework/src/modules/wallet/views/components/pages/Wallet.vue.cjs +1 -1
  132. package/dist/prometheus-framework/src/modules/wallet/views/components/pages/Wallet.vue.js +3 -3
  133. package/dist/prometheus-framework.cjs.js +1 -1
  134. package/dist/prometheus-framework.es.js +1 -1
  135. package/dist/style.css +1 -1
  136. package/dist/web-BDaOF322.js +1 -0
  137. package/dist/web-DtWmpLE-.mjs +54 -0
  138. package/package.json +1 -1
  139. package/src/modules/auth/controllers/auth.controller.js +68 -2
  140. package/src/modules/auth/routes/auth.routes.js +8 -1
  141. package/src/modules/auth/store/auth.js +21 -9
  142. package/src/modules/backoffice/components/pages/Dashboard.vue +6 -0
  143. package/src/modules/gallery/gallery.client.js +1 -1
  144. package/src/modules/gallery/routes/gallery.routes.js +7 -3
  145. package/src/modules/globals/mixins/mixins.js +17 -0
  146. package/src/modules/middlewares/server/verifyAccesses.js +100 -23
  147. package/src/modules/organizations/components/blocks/CardDepartment.vue +1 -1
  148. package/src/modules/organizations/components/pages/DepartmentEdit.vue +24 -2
  149. package/src/modules/organizations/components/pages/Members.vue +1 -1
  150. package/src/modules/organizations/models/department.model.js +42 -2
  151. package/src/modules/organizations/routes/departments.routes.js +1 -8
  152. package/src/modules/organizations/store/departments.js +5 -0
@@ -50,6 +50,8 @@ const { verifyAppleIdToken } = verifyAppleIdToken_1;
50
50
  const controllerFactory$3 = (db) => {
51
51
  const User = db.user;
52
52
  const Membership = db.membership;
53
+ const Department = db.department;
54
+ const Organization = db.organization;
53
55
  const Invite = db.invite;
54
56
  const Role = db.role;
55
57
  const signin = async (req, res) => {
@@ -221,10 +223,60 @@ const controllerFactory$3 = (db) => {
221
223
  return res.status(500).send({ message: err.message });
222
224
  }
223
225
  };
226
+ const checkAccesses = async (req, res) => {
227
+ try {
228
+ const uid = new db.mongoose.Types.ObjectId(req.userId);
229
+ const depts = await Department.find({ "members.user": uid });
230
+ const ownedOrgs = await Organization.find({ owner: uid });
231
+ const ownedOrgIds = ownedOrgs.map((org) => org._id.toString());
232
+ const accesses = {};
233
+ depts.forEach((dept) => {
234
+ const orgId = dept.organization.toString();
235
+ if (!accesses[orgId]) {
236
+ accesses[orgId] = {
237
+ organization: orgId,
238
+ rights: {}
239
+ };
240
+ }
241
+ const existingAccess = accesses[orgId].rights;
242
+ Object.keys(dept.accesses).forEach((key) => {
243
+ if (!existingAccess[key]) {
244
+ existingAccess[key] = {};
245
+ }
246
+ const rights = dept.accesses[key];
247
+ Object.keys(rights).forEach((right) => {
248
+ existingAccess[key][right] = existingAccess[key][right] || rights[right];
249
+ });
250
+ });
251
+ });
252
+ ownedOrgIds.forEach((orgId) => {
253
+ if (!accesses[orgId]) {
254
+ accesses[orgId] = {
255
+ organization: orgId,
256
+ rights: {}
257
+ };
258
+ }
259
+ Object.keys(depts[0].accesses).forEach((key) => {
260
+ if (!accesses[orgId].rights[key]) {
261
+ accesses[orgId].rights[key] = {};
262
+ }
263
+ Object.keys(depts[0].accesses[key]).forEach((right) => {
264
+ accesses[orgId].rights[key][right] = true;
265
+ });
266
+ });
267
+ });
268
+ const accessArray = Object.values(accesses);
269
+ res.status(200).json(accessArray);
270
+ } catch (err) {
271
+ console.error("Error getting accesses:", err);
272
+ res.status(500).json({ message: "Internal server error" });
273
+ }
274
+ };
224
275
  return {
225
276
  signin,
226
277
  signup,
227
- updatePassword
278
+ updatePassword,
279
+ checkAccesses
228
280
  };
229
281
  };
230
282
  var auth_controller = controllerFactory$3;
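Review bot: In `checkAccesses`, the `ownedOrgIds.forEach` loop reads `depts[0].accesses`, which throws when the caller owns an organization but is not a member of any department, so that owner gets the 500 response instead of a rights list. Even when `depts` is non-empty, the owner's rights are built from the keys of whichever department comes first, which may belong to a different organization, so the resources reported for an owned organization depend on unrelated membership data. I would take the resource and right names from a fixed source (for example the defaults declared in the department model) and at minimum guard the lookup with `const template = depts.length ? depts[0].accesses : {};`. If `dept.accesses` is a Mongoose subdocument rather than a plain object, `Object.keys` on it may not return only the resource names, which is worth confirming. The same hunk follows for what looks like `package/dist/auth.server.mjs`; both are build output, so the change belongs in `package/src/modules/auth/controllers/auth.controller.js` from the file list.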
@@ -263,7 +315,7 @@ const middlewareFactory$1 = index.server;
263
315
  var auth_routes = function(app, db, origins) {
264
316
  const controller = controllerFactory$1(db);
265
317
  const controllerTwofa = controllerFactoryTwofa();
266
- const { verifySignUp, verifyUser } = middlewareFactory$1(db);
318
+ const { verifySignUp, verifyUser, authJwt } = middlewareFactory$1(db);
267
319
  app.post(
268
320
  "/api/auth/signup",
269
321
  [
@@ -287,6 +339,13 @@ var auth_routes = function(app, db, origins) {
287
339
  "/api/auth/update-password",
288
340
  controller.updatePassword
289
341
  );
342
+ app.get(
343
+ "/api/auth/check-accesses",
344
+ [
345
+ authJwt.verifyToken
346
+ ],
347
+ controller.checkAccesses
348
+ );
290
349
  };
291
350
  const controllerFactory = twofa_controller;
292
351
  const middlewareFactory = index.server;
@@ -49,6 +49,8 @@ const { verifyAppleIdToken } = verifyAppleIdToken_1;
49
49
  const controllerFactory$3 = (db) => {
50
50
  const User = db.user;
51
51
  const Membership = db.membership;
52
+ const Department = db.department;
53
+ const Organization = db.organization;
52
54
  const Invite = db.invite;
53
55
  const Role = db.role;
54
56
  const signin = async (req, res) => {
@@ -220,10 +222,60 @@ const controllerFactory$3 = (db) => {
220
222
  return res.status(500).send({ message: err.message });
221
223
  }
222
224
  };
225
+ const checkAccesses = async (req, res) => {
226
+ try {
227
+ const uid = new db.mongoose.Types.ObjectId(req.userId);
228
+ const depts = await Department.find({ "members.user": uid });
229
+ const ownedOrgs = await Organization.find({ owner: uid });
230
+ const ownedOrgIds = ownedOrgs.map((org) => org._id.toString());
231
+ const accesses = {};
232
+ depts.forEach((dept) => {
233
+ const orgId = dept.organization.toString();
234
+ if (!accesses[orgId]) {
235
+ accesses[orgId] = {
236
+ organization: orgId,
237
+ rights: {}
238
+ };
239
+ }
240
+ const existingAccess = accesses[orgId].rights;
241
+ Object.keys(dept.accesses).forEach((key) => {
242
+ if (!existingAccess[key]) {
243
+ existingAccess[key] = {};
244
+ }
245
+ const rights = dept.accesses[key];
246
+ Object.keys(rights).forEach((right) => {
247
+ existingAccess[key][right] = existingAccess[key][right] || rights[right];
248
+ });
249
+ });
250
+ });
251
+ ownedOrgIds.forEach((orgId) => {
252
+ if (!accesses[orgId]) {
253
+ accesses[orgId] = {
254
+ organization: orgId,
255
+ rights: {}
256
+ };
257
+ }
258
+ Object.keys(depts[0].accesses).forEach((key) => {
259
+ if (!accesses[orgId].rights[key]) {
260
+ accesses[orgId].rights[key] = {};
261
+ }
262
+ Object.keys(depts[0].accesses[key]).forEach((right) => {
263
+ accesses[orgId].rights[key][right] = true;
264
+ });
265
+ });
266
+ });
267
+ const accessArray = Object.values(accesses);
268
+ res.status(200).json(accessArray);
269
+ } catch (err) {
270
+ console.error("Error getting accesses:", err);
271
+ res.status(500).json({ message: "Internal server error" });
272
+ }
273
+ };
223
274
  return {
224
275
  signin,
225
276
  signup,
226
- updatePassword
277
+ updatePassword,
278
+ checkAccesses
227
279
  };
228
280
  };
229
281
  var auth_controller = controllerFactory$3;
@@ -262,7 +314,7 @@ const middlewareFactory$1 = server;
262
314
  var auth_routes = function(app, db, origins) {
263
315
  const controller = controllerFactory$1(db);
264
316
  const controllerTwofa = controllerFactoryTwofa();
265
- const { verifySignUp, verifyUser } = middlewareFactory$1(db);
317
+ const { verifySignUp, verifyUser, authJwt } = middlewareFactory$1(db);
266
318
  app.post(
267
319
  "/api/auth/signup",
268
320
  [
@@ -286,6 +338,13 @@ var auth_routes = function(app, db, origins) {
286
338
  "/api/auth/update-password",
287
339
  controller.updatePassword
288
340
  );
341
+ app.get(
342
+ "/api/auth/check-accesses",
343
+ [
344
+ authJwt.verifyToken
345
+ ],
346
+ controller.checkAccesses
347
+ );
289
348
  };
290
349
  const controllerFactory = twofa_controller;
291
350
  const middlewareFactory = server;
@@ -113,28 +113,80 @@ const controllerFactory$1 = (db) => {
113
113
  };
114
114
  };
115
115
  var gallery_controller = controllerFactory$1;
116
+ const middlewareFactory = (db) => {
117
+ db.user;
118
+ const Organization = db.organization;
119
+ const Department = db.department;
120
+ const verifyRead = (resource) => {
121
+ return async (req, res, next) => {
122
+ try {
123
+ const ownerOrgId = new db.mongoose.Types.ObjectId(req.query.owner);
124
+ ;
125
+ const userId = new db.mongoose.Types.ObjectId(req.userId);
126
+ const isOwnerOfOrg = await Organization.exists({
127
+ _id: ownerOrgId,
128
+ owner: userId
129
+ });
130
+ if (isOwnerOfOrg) {
131
+ return next();
132
+ }
133
+ const isMemberOfOrg = await Department.exists({
134
+ organization: ownerOrgId,
135
+ "members.user": userId
136
+ });
137
+ if (!isMemberOfOrg) {
138
+ req.query.status = "published";
139
+ } else {
140
+ const departments = await Department.find({ organization: ownerOrgId });
141
+ let hasAccess = false;
142
+ for (const department of departments) {
143
+ const accessRights = department.accesses[resource];
144
+ if (accessRights && accessRights.read) {
145
+ hasAccess = true;
146
+ break;
147
+ }
148
+ }
149
+ if (!hasAccess) {
150
+ req.query.status = "published";
151
+ }
152
+ }
153
+ next();
154
+ } catch (err) {
155
+ console.error("Access control error:", err);
156
+ return res.status(403).json({ error: "Access denied" });
157
+ }
158
+ };
159
+ };
160
+ return {
161
+ verifyRead
162
+ };
163
+ };
164
+ var verifyAccesses = middlewareFactory;
116
165
  const controllerFactory = gallery_controller;
117
166
  const middlewareFactoryGlobal = index.server;
167
+ const middlewareFactoryAccesses = verifyAccesses;
118
168
  var gallery_routes = function(app, db, origins) {
119
169
  const controller = controllerFactory(db);
120
170
  const { authJwt } = middlewareFactoryGlobal(db);
171
+ const { verifyRead } = middlewareFactoryAccesses(db);
121
172
  app.get(
122
173
  "/api/gallery/read",
174
+ [
175
+ authJwt.verifyToken,
176
+ verifyRead("gallery")
177
+ ],
123
178
  controller.read
124
179
  );
125
180
  app.post(
126
181
  "/api/gallery/create",
127
- [authJwt.verifyToken],
128
182
  controller.create
129
183
  );
130
184
  app.put(
131
185
  "/api/gallery/update",
132
- [authJwt.verifyToken],
133
186
  controller.update
134
187
  );
135
188
  app.delete(
136
189
  "/api/gallery/delete/:_id",
137
- [authJwt.verifyToken],
138
190
  controller.delete
139
191
  );
140
192
  };
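Review bot: The new side of this hunk registers `/api/gallery/create`, `/api/gallery/update` and `/api/gallery/delete/:_id` with no middleware at all, because the three `[authJwt.verifyToken],` lines are removed and nothing replaces them; unless `controller.create`, `controller.update` and `controller.delete` authenticate on their own (not visible here), unauthenticated clients can reach the write handlers. I would restore `[authJwt.verifyToken],` on all three routes and pair it with a write-side permission check comparable to `verifyRead`. Separately, inside `verifyRead` the query `Department.find({ organization: ownerOrgId })` loads every department of the organization, so a member of a department without `read` on the resource passes as soon as any other department has it; `Department.find({ organization: ownerOrgId, "members.user": userId })` would limit the decision to the caller's own departments. The identical hunk follows for what looks like `package/dist/gallery.server.mjs`, and since both are build output the fix belongs in `package/src/modules/gallery/routes/gallery.routes.js` and `package/src/modules/middlewares/server/verifyAccesses.js` from the file list.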
@@ -112,28 +112,80 @@ const controllerFactory$1 = (db) => {
112
112
  };
113
113
  };
114
114
  var gallery_controller = controllerFactory$1;
115
+ const middlewareFactory = (db) => {
116
+ db.user;
117
+ const Organization = db.organization;
118
+ const Department = db.department;
119
+ const verifyRead = (resource) => {
120
+ return async (req, res, next) => {
121
+ try {
122
+ const ownerOrgId = new db.mongoose.Types.ObjectId(req.query.owner);
123
+ ;
124
+ const userId = new db.mongoose.Types.ObjectId(req.userId);
125
+ const isOwnerOfOrg = await Organization.exists({
126
+ _id: ownerOrgId,
127
+ owner: userId
128
+ });
129
+ if (isOwnerOfOrg) {
130
+ return next();
131
+ }
132
+ const isMemberOfOrg = await Department.exists({
133
+ organization: ownerOrgId,
134
+ "members.user": userId
135
+ });
136
+ if (!isMemberOfOrg) {
137
+ req.query.status = "published";
138
+ } else {
139
+ const departments = await Department.find({ organization: ownerOrgId });
140
+ let hasAccess = false;
141
+ for (const department of departments) {
142
+ const accessRights = department.accesses[resource];
143
+ if (accessRights && accessRights.read) {
144
+ hasAccess = true;
145
+ break;
146
+ }
147
+ }
148
+ if (!hasAccess) {
149
+ req.query.status = "published";
150
+ }
151
+ }
152
+ next();
153
+ } catch (err) {
154
+ console.error("Access control error:", err);
155
+ return res.status(403).json({ error: "Access denied" });
156
+ }
157
+ };
158
+ };
159
+ return {
160
+ verifyRead
161
+ };
162
+ };
163
+ var verifyAccesses = middlewareFactory;
115
164
  const controllerFactory = gallery_controller;
116
165
  const middlewareFactoryGlobal = server;
166
+ const middlewareFactoryAccesses = verifyAccesses;
117
167
  var gallery_routes = function(app, db, origins) {
118
168
  const controller = controllerFactory(db);
119
169
  const { authJwt } = middlewareFactoryGlobal(db);
170
+ const { verifyRead } = middlewareFactoryAccesses(db);
120
171
  app.get(
121
172
  "/api/gallery/read",
173
+ [
174
+ authJwt.verifyToken,
175
+ verifyRead("gallery")
176
+ ],
122
177
  controller.read
123
178
  );
124
179
  app.post(
125
180
  "/api/gallery/create",
126
- [authJwt.verifyToken],
127
181
  controller.create
128
182
  );
129
183
  app.put(
130
184
  "/api/gallery/update",
131
- [authJwt.verifyToken],
132
185
  controller.update
133
186
  );
134
187
  app.delete(
135
188
  "/api/gallery/delete/:_id",
136
- [authJwt.verifyToken],
137
189
  controller.delete
138
190
  );
139
191
  };