const { env } = require('process')
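// test permissions function
/**
 * Decide whether the JWT found on `this.jwt` grants `permission` on `scope`.
 *
 * Each entry of `this.jwt.roles` is expected to be a string `role:scope`,
 * where the scope part is a `/`-separated path. The check runs as follows:
 *   1. Only entries whose scope part starts with the first segment of
 *      env SCOPE are considered.
 *   2. The role must be an own key of `permissions` and list `permission`.
 *   3. Segment 0 of the role scope must equal segment 0 of the request.
 *   4. For every later requested segment: an equal segment continues (or
 *      grants when it is the last requested one), a `*` in the role scope
 *      grants, and anything else denies.
 *
 * A segment mismatch now ends the comparison with a denial. Previously the
 * loop simply moved on to the next segment, so a later `*` or a matching
 * last segment could still grant access to an unrelated scope.
 *
 * Malformed entries (non-string, no `:`) and unknown roles are ignored
 * rather than raising a TypeError.
 *
 * Side effect: sets env SCOPE to 'RIP' when it is unset.
 *
 * NOTE(review): a request with a single segment (including the default taken
 * from env SCOPE) is never granted; that matches the earlier behaviour but
 * may not match the intent of the "no scope" fallback - confirm.
 * NOTE(review): a role scoped deeper than the request (role `A/b/c`, request
 * `A/b`) is granted because only the requested segments are compared -
 * confirm this is intended.
 *
 * @param {string} permission - permission name, e.g. 'read'
 * @param {string} [scope] - requested scope path; defaults to env SCOPE
 * @returns {boolean} true when at least one role grants the permission
 */
function hasPermission(permission, scope = undefined) {
  if (!env['SCOPE'])
    env['SCOPE'] = 'RIP'

  console.info(permission, scope)

  // if no scope is defined, fall back to the scope of the current app
  if (!scope)
    scope = env['SCOPE']

  // deny on non-string input instead of throwing or matching through coercion
  if (typeof permission !== 'string' || typeof scope !== 'string')
    return false

  const jwtRoles = this && this.jwt ? this.jwt['roles'] : undefined
  if (!Array.isArray(jwtRoles))
    return false

  // only the first part of the app scope is used to pre-select roles
  const appScope = env['SCOPE'].split('/')[0]
  console.debug('jwt.roles', jwtRoles)
  console.debug('env.SCOPE', env['SCOPE'], appScope)

  // NOTE(review): this is a prefix test, so 'App' also selects 'AppX/...';
  // the exact comparison of segment 0 below is what ties a role to the request.
  const roles = jwtRoles.filter(entry => {
    if (typeof entry !== 'string')
      return false
    const roleScope = entry.split(':')[1]
    return roleScope !== undefined && roleScope.startsWith(appScope)
  })
  console.debug('roles', roles)

  const reqScopes = scope.split('/')

  return roles.some(entry => {
    const parts = entry.split(':')
    const role = parts[0]
    const scopes = parts[1].split('/')
    console.debug('role', role)
    console.debug('scopes', scopes)
    console.debug('reqScopes', reqScopes)

    // own-property lookup: names such as 'constructor' or '__proto__' taken
    // from the token must not resolve to inherited Object members
    if (!Object.prototype.hasOwnProperty.call(permissions, role) || !Array.isArray(permissions[role]))
      return false
    if (!permissions[role].includes(permission))
      return false

    // the first segment has to match exactly, no wildcard
    if (scopes[0] !== reqScopes[0])
      return false

    for (let i = 1; i < reqScopes.length; i++) {
      if (scopes[i] === reqScopes[i]) {
        if (i + 1 === reqScopes.length)
          return true
        continue
      }
      // a wildcard covers the rest of the request; any other mismatch denies
      return scopes[i] === '*'
    }

    // only reached for a single-segment request
    return false
  })
}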
/**
 * Tell whether a value is strictly positive.
 *
 * @param {number} number - value to test
 * @returns {boolean} true when `number` is above zero
 */
function greaterThanZero(number) {
  const isPositive = 0 < number
  return isPositive
}
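// fixed permissions per role
// Maps a role name (the part before ':' in a JWT role entry) to the list of
// permission names that role holds. The table and every list are frozen so
// that no other code can add a permission to a role at runtime.
const permissions = Object.freeze({
  'admin': Object.freeze([
    'read_all',
    'read',
    'write_all',
    'write',
    'delete_all',
    'delete',
  ]),
  'moderator': Object.freeze([
    'read_all',
    'read',
    'write_all',
    'write',
    'delete',
  ]),
  'contributor': Object.freeze([
    'read_all',
    'read',
    'write',
    'delete',
  ]),
  'user': Object.freeze([
    'read',
    'write',
  ]),
  'guest': Object.freeze([
    'read',
  ])
})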
// Manual driver: prints the result of hasPermission for a fixed set of calls.

// turn the debug tracing of hasPermission into a no-op for this run
console.debug = () => { }

// stand-in for an object that carries a decoded JWT with one wildcard admin role
const test = {
  jwt: { roles: ['admin:GroupClaes.PCM/*'] },
  hasPermission
}

env['SCOPE'] = 'GroupClaes.PCM'

// [permission, scope]; the last two leave the scope out so that the
// env SCOPE fallback inside hasPermission is taken
// NOTE(review): every case uses the wildcard admin role; none checks that a
// non-matching scope, a lower role or a malformed role entry is denied.
const cases = [
  ['read', 'GroupClaes.PCM/brabopak/users'],
  ['write', 'GroupClaes.PCM/brabopak/users'],
  ['delete', 'GroupClaes.PCM/brabopak/users'],
  ['read', 'GroupClaes.PCM/document'],
  ['write', 'GroupClaes.PCM/document'],
  ['read', 'GroupClaes.PCM/*'],
  ['write', 'GroupClaes.PCM/*'],
  ['read'],
  ['write']
]

for (const args of cases)
  console.log(test.hasPermission(...args))