npm - @ozdao/prometheus-framework - Versions diffs - 0.2.126 → 0.2.128 - Mend

@ozdao/prometheus-framework 0.2.126 → 0.2.128

Files changed (152) hide show

package/src/modules/gallery/routes/gallery.routes.js CHANGED Viewed

@@ -2,32 +2,36 @@
 const controllerFactory = require("../controllers/gallery.controller");
 // Middlewares
 const middlewareFactoryGlobal = require('@pf/src/modules/middlewares/server');
+const middlewareFactoryAccesses = require('@pf/src/modules/middlewares/server/verifyAccesses')
 module.exports = function(app, db, origins) {
   const controller = controllerFactory(db);
   const { authJwt } = middlewareFactoryGlobal(db);
+  const { verifyRead } = middlewareFactoryAccesses(db)
   app.get(
     "/api/gallery/read",
+    [
+      authJwt.verifyToken,
+      verifyRead('gallery'),
+    ],
     controller.read
   );
   app.post(
     "/api/gallery/create",
-    [authJwt.verifyToken],
     controller.create
   );
   app.put(
     "/api/gallery/update",
-    [authJwt.verifyToken],
     controller.update
   );
   app.delete(
     "/api/gallery/delete/:_id",
-    [authJwt.verifyToken],
     controller.delete
   );
 };

package/src/modules/globals/mixins/mixins.js CHANGED Viewed

@@ -1,6 +1,23 @@
 // mixins.js
 export const globalMixins = {
   methods: {
+    hasAccess(organizationId, rightCategory, rightType, accesses) {
+      const accessArray = accesses;
+      const organizationAccess = accessArray.find(access => access.organization === organizationId);
+      if (!organizationAccess) {
+        return false;
+      }
+      const categoryAccess = organizationAccess.rights[rightCategory];
+      if (!categoryAccess) {
+        return false;
+      }
+      return categoryAccess[rightType] === true;
+    },
     returnCurrency() {
       const currency = '฿'
       return currency

package/src/modules/middlewares/server/verifyAccesses.js CHANGED Viewed

@@ -1,33 +1,110 @@
-const ReadDepartments = require('./accessors/ReadDepartments');
+const middlewareFactory = (db) => {
+  const User = db.user;
+  const Organization = db.organization;
+  const Department = db.department;
-module.exports = (db) => {
-  // Объекты посредников
-  const instances = [];
+  const verifyRead = (resource) => {
+    return async (req, res, next) => {
+      try {
+        // Получаем идентификатор организации из запроса
+        const ownerOrgId = new db.mongoose.Types.ObjectId(req.query.owner);;
-  // Регистрация посредников отвечающий за проверку прав доступа
-  const middlewares = [
-    ReadDepartments,
-  ];
+        // Получаем текущего пользователя
+        const userId = new db.mongoose.Types.ObjectId(req.userId);
-  let nextMiddleware = null;
+        // Проверяем, является ли пользователь владельцем организации
+        const isOwnerOfOrg = await Organization.exists({
+          _id: ownerOrgId,
+          owner: userId
+        });
-  // Собираем цепочку посредников
-  for (let i = middlewares.length - 1; i >= 0; i--) {
-    const Middleware = middlewares[i];
-    const middleware = new Middleware();
+        // Если пользователь является владельцем организации, ему разрешен доступ ко всем ресурсам
+        if (isOwnerOfOrg) {
+          return next();
+        }
-    // Передаем в посредники параметры
-    middleware.db = db;
+        // Проверяем, является ли пользователь членом организации через департаменты
+        const isMemberOfOrg = await Department.exists({
+          organization: ownerOrgId,
+          'members.user': userId
+        });
-    // Добавляем звено следующего посредника
-    middleware.next = nextMiddleware;
-    // Добавляем middleware в начало массива.
-    instances.unshift(middleware);
+        if (!isMemberOfOrg) {
+          // Если пользователь не является членом организации, ограничиваем доступ к опубликованным ресурсам
+          req.query.status = 'published';
+        } else {
+          // Пользователь является членом организации, проверяем его права доступа
-    nextMiddleware = middleware;
-  }
+          // Находим все департаменты данной организации, к которым относится пользователь
+          const departments = await Department.find({ organization: ownerOrgId });
-  // Запускам цепочку зарегестрированных посредников
-  return (rule, entity) => instances[0].check(rule, entity);
+          // Проверяем доступ пользователя ко всем ресурсам
+          let hasAccess = false;
+          for (const department of departments) {
+            const accessRights = department.accesses[resource];
+            if (accessRights && accessRights.read) {
+              // Если хотя бы в одном департаменте есть права на чтение ресурса, разрешаем доступ
+              hasAccess = true;
+              break;
+            }
+          }
+          if (!hasAccess) {
+            // Если у пользователя нет прав на чтение данного ресурса ни в одном департаменте, ограничиваем доступ к опубликованным ресурсам
+            req.query.status = 'published';
+          }
+        }
+        next();
+      } catch (err) {
+        console.error('Access control error:', err);
+        return res.status(403).json({ error: 'Access denied' });
+      }
+    };
+  };
+   // Middleware для проверки доступа
+  const verifyModify = (action, resource) => {
+    return async (req, res, next) => {
+      try {
+        const user = req.userId;
+        const department = await Department.findOne({
+          owner: organizationId
+        });
+        if (!department) {
+          return res.status(403).json({
+            message: "Access forbidden"
+          });
+        }
+        const accesses = department.accesses;
+        // Проверяем права доступа пользователя к ресурсу
+        const resourceAccess = accesses[resource];
+        if (!resourceAccess || !resourceAccess[action]) {
+          return res.status(403).json({
+            message: "Access forbidden"
+          });
+        }
+        next();
+      } catch (error) {
+        console.error("Access control error:", error);
+        return res.status(500).json({
+          message: "Internal server error"
+        });
+      }
+    };
+  };
+  return {
+    verifyRead,
+  };
 };
+module.exports = middlewareFactory;

package/src/modules/organizations/components/blocks/CardDepartment.vue CHANGED Viewed

@@ -32,7 +32,7 @@
       <ul>
         <li v-if="department.members.length < 1">No members in department</li>
         <User
-          class="pd-small br-solid br-1px br-black-transp-5 radius-small mn-b-thin"
+          class="h-4r pd-small br-solid br-1px br-black-transp-5 radius-small mn-b-thin"
           v-for="(member, index) in department.members"
           :key="index"
           :user="member.user"

package/src/modules/organizations/components/pages/DepartmentEdit.vue CHANGED Viewed

@@ -54,7 +54,7 @@
       class="cols-1 gap-thin mn-b-thin"
     >
       <CardUser
-        class="bg-white pd-thin radius-medium w-100"
+        class="h-4r bg-white pd-thin radius-medium w-100"
         v-for="(member, index) in departments.state.department.members"
         :key="index"
         :user="member.user"
@@ -110,7 +110,7 @@
             globals.actions.add(departments.state.department.members, { _id: user.user._id, user: user.user, position: 'Member'})
             closeMemberPopup();
           }"
-          class="bg-white pd-thin radius-medium w-100 mn-b-thin"
+          class="h-4r bg-white pd-thin radius-medium w-100 mn-b-thin"
         />
       </Feed>
     </Popup>
@@ -139,6 +139,28 @@
           <p class="p-medium mn-b-small">Please select organization accesses for user in department:</p>
           <div class="cols-1 gap-thin">
+            <h4>Gallery</h4>
+            <Checkbox
+              label="Read gallery"
+              name="readProducts"
+              class="w-100 mn-r-small bg-white radius-small pd-small"
+              :radio="departments.state.department.accesses.gallery.read"
+              @update:radio="updated => (departments.state.department.accesses.gallery.read = !departments.state.department.accesses.gallery.read)"
+            />
+            <Checkbox
+              label="Edit gallery"
+              name="editProducts"
+              class="w-100 mn-r-small bg-white radius-small pd-small"
+              :radio="departments.state.department.accesses.gallery.edit"
+              @update:radio="updated => (departments.state.department.accesses.gallery.edit = !departments.state.department.accesses.gallery.edit)"
+            />
+            <Checkbox
+              label="Delete gallery"
+              name="deleteProducts"
+              class="w-100 bg-white radius-small pd-small"
+              :radio="departments.state.department.accesses.gallery.delete"
+              @update:radio="updated => (departments.state.department.accesses.gallery.delete = !departments.state.department.accesses.gallery.delete)"
+            />
             <h4>Products</h4>
             <Checkbox
               label="Read products"

package/src/modules/organizations/components/pages/Members.vue CHANGED Viewed

@@ -151,7 +151,7 @@
               },
               method: () => removeInvite(index, invite)
             }"
-            class="w-100 bg-light radius-big flex-nowrap flex pd-medium"
+            class="h-4r w-100 bg-light radius-big flex-nowrap flex pd-medium"
           />
         </Feed>
       </div>

package/src/modules/organizations/models/department.model.js CHANGED Viewed

@@ -28,6 +28,48 @@ module.exports = (mongoose) => {
     },
     accesses: {
+      members: {
+        read: {
+          type: Boolean,
+          default: false,
+        },
+        edit: {
+          type: Boolean,
+          default: false,
+        },
+        delete: {
+          type: Boolean,
+          default: false,
+        },
+      },
+      gallery: {
+        read: {
+          type: Boolean,
+          default: false,
+        },
+        edit: {
+          type: Boolean,
+          default: false,
+        },
+        delete: {
+          type: Boolean,
+          default: false,
+        },
+      },
+      leftovers: {
+        read: {
+          type: Boolean,
+          default: false,
+        },
+        edit: {
+          type: Boolean,
+          default: false,
+        },
+        delete: {
+          type: Boolean,
+          default: false,
+        },
+      },
       products: {
         read: {
           type: Boolean,
@@ -42,7 +84,6 @@ module.exports = (mongoose) => {
           default: false,
         },
       },
       orders: {
         read: {
           type: Boolean,
@@ -57,7 +98,6 @@ module.exports = (mongoose) => {
           default: false,
         },
       },
       departments: {
         read: {
           type: Boolean,

package/src/modules/organizations/routes/departments.routes.js CHANGED Viewed

@@ -1,19 +1,12 @@
 // Factories
 const controllerFactory = require("../controllers/departments.controller")
-// Middlewares
-const accessMiddlewaresFactory = require('@pf/src/modules/middlewares/server/verifyAccesses')
 // Routes
 module.exports = function(app, db) {
   const controller = controllerFactory(db)
-  const verifyAccesses = accessMiddlewaresFactory(db)
   // Get organization departments by _id
   app.get(
     "/api/departments/read",
-    // [
-    //   verifyAccesses('read', 'departments'),
-    // ],
     controller.read
   );

package/src/modules/organizations/store/departments.js CHANGED Viewed

@@ -34,6 +34,11 @@ const state = reactive({
     // Accesses
     hidden: false,
     accesses: {
+      gallery: {
+        read: false,
+        edit: false,
+        delete: false,
+      },
       products: {
         read: false,
         edit: false,