Skip to content

Commit

Permalink
fix(auth): fix permissions checks for auth package
Browse files Browse the repository at this point in the history
  • Loading branch information
Frantz Kati committed Nov 26, 2020
1 parent 0a56b33 commit 58ea6ab
Show file tree
Hide file tree
Showing 3 changed files with 26 additions and 17 deletions.
2 changes: 1 addition & 1 deletion examples/blog/app.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -81,7 +81,7 @@ module.exports = tensei()
.databaseConfig({
type: process.env.DATABASE_TYPE || 'mysql',
dbName: process.env.DATABASE_NAME || 'mikrotensei',
debug: process.env.DEBUG || false,
debug: process.env.DEBUG || true,
user: process.env.DATABASE_USER || 'mikrotensei',
password: process.env.DATABASE_PASSWORD || '',
})
36 changes: 20 additions & 16 deletions packages/auth/src/index.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -591,7 +591,7 @@ class Auth {
].includes(path)
) {
return query.authorize(({ user }) =>
user.permissions!.includes(`insert:${slug}`)
user?.permissions?.includes(`insert:${slug}`)
)
}

Expand All @@ -602,7 +602,7 @@ class Auth {
].includes(path)
) {
return query.authorize(({ user }) =>
user.permissions!.includes(`delete:${slug}`)
user?.permissions?.includes(`delete:${slug}`)
)
}

Expand All @@ -613,19 +613,19 @@ class Auth {
].includes(path)
) {
return query.authorize(({ user }) =>
user.permissions!.includes(`update:${slug}`)
user?.permissions?.includes(`update:${slug}`)
)
}

if (path === plural) {
return query.authorize(({ user }) =>
user.permissions!.includes(`fetch:${slug}`)
user?.permissions?.includes(`fetch:${slug}`)
)
}

if (path === singular) {
return query.authorize(({ user }) =>
user.permissions!.includes(`show:${slug}`)
user?.permissions?.includes(`show:${slug}`)
)
}
}
Expand Down Expand Up @@ -702,7 +702,7 @@ class Auth {
internal
) {
return route.authorize(({ user }) =>
user.permissions!.includes(
user?.permissions?.includes(
`insert:${slugSingular}`
)
)
Expand All @@ -714,7 +714,7 @@ class Auth {
internal
) {
return route.authorize(({ user }) =>
user.permissions!.includes(
user?.permissions?.includes(
`fetch:${slugSingular}`
)
)
Expand All @@ -726,7 +726,7 @@ class Auth {
internal
) {
return route.authorize(({ user }) =>
user.permissions!.includes(
user?.permissions?.includes(
`show:${slugSingular}`
)
)
Expand All @@ -741,7 +741,7 @@ class Auth {
internal
) {
return route.authorize(({ user }) =>
user.permissions!.includes(
user?.permissions?.includes(
`update:${slugSingular}`
)
)
Expand All @@ -756,7 +756,7 @@ class Auth {
internal
) {
return route.authorize(({ user }) =>
user.permissions!.includes(
user?.permissions!.includes(
`delete:${slugSingular}`
)
)
Expand Down Expand Up @@ -1689,21 +1689,18 @@ class Auth {
slug: 'public'
},
{
populate: [this.resources.permission.data.snakeCaseNamePlural],
populate: ['permissions'],
refresh: true
}
)

if (!user) {
ctx.user = {
public: true,
[this.resources.role.data.snakeCaseNamePlural]: [
roles: [
publicRole as UserRole
],
[this.resources.permission.data
.snakeCaseNamePlural]: publicRole[
this.resources.permission.data.snakeCaseNamePlural
]
permissions: publicRole.permissions
.toJSON()
.map((permission: any) => permission.slug)
} as any
Expand Down Expand Up @@ -1761,6 +1758,13 @@ class Auth {
}
)

if (this.config.rolesAndPermissions) {
user.permissions = user.roles.reduce((acc: string[], role: UserRole) => [
...acc,
...role.permissions.map(p => p.slug)
], [])
}

ctx.user = user
} catch (error) {}
}
Expand Down
5 changes: 5 additions & 0 deletions packages/common/typings/config.d.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -160,6 +160,11 @@ declare module '@tensei/common/config' {
id: number
name: string
slug: string
permissions: ({
id: number
name: string
slug: string
})[]
}
interface User {
id: number
Expand Down

0 comments on commit 58ea6ab

Please sign in to comment.