apxtrib/api/middlewares/hasAccessrighton.js

const fs = require("fs-extra");
const glob = require("glob");
const path = require("path");

const config = require("../../nationchains/tribes/conf.json");

const hasAccessrighton = (object, action, ownby) => {
  /*
	@action (mandatory) : CRUDO
	@object (mandatory)= name of a folder object in /tribeid space can be a tree for example objects/items
  @ownby (option) = list des uuid propriétaire
	return next() if all action exist in req.app.local.tokens[UUID].ACCESSRIGHTS.data[object]
  OR if last action ="O" and uuid exist in ownBy
  Careffull if you have many action CRO let O at the end this will force req.right at true if the owner try an action on this object
	
 need to check first a person exist with this alias in tribe     
 
    const person = fs.readJsonSync(
      `${conf.dirname}/nationchains/tribes/${req.session.header.xtribe}/persons/${req.session.header.xalias}.json`
    );

 
 
 
 
  */

  return (req, res, next) => {
    //console.log( 'err.stack hasAccessrights', err.statck )
    //console.log( `test accessright on object:${object} for ${req.session.header.xworkon}:`, req.app.locals.tokens[ req.session.header.xpaganid ].ACCESSRIGHTS.data[ req.session.header.xworkon ] )
    req.right = false;
    if (
      req.app.locals.tokens[req.session.header.xpaganid].ACCESSRIGHTS.data[
        req.session.header.xworkon
      ] &&
      req.app.locals.tokens[req.session.header.xpaganid].ACCESSRIGHTS.data[
        req.session.header.xworkon
      ][object]
    ) {
      req.right = true;
      [...action].forEach((a) => {
        if (a == "O" && ownby && ownby.includes(req.session.header.xpaganid)) {
          req.right = true;
        } else {
          req.right =
            req.right &&
            req.app.locals.tokens[
              req.session.header.xpaganid
            ].ACCESSRIGHTS.data[req.session.header.xworkon][object].includes(a);
        }
      });
    }
    //console.log( 'Access data autorise? ', req.right )
    if (!req.right) {
      return res.status(403).json({
        info: "forbiddenAccessright",
        ref: "headers",
        moreinfo: {
          xpaganid: req.session.header.xpaganid,
          object: object,
          xworkon: req.session.header.xworkon,
          action: action,
        },
      });
    }
    next();
  };
};
module.exports = hasAccessrighton;
update auth openpgp.js 2023-05-12 05:59:32 +00:00			`const fs = require("fs-extra");`
			`const glob = require("glob");`
			`const path = require("path");`
first new commit 2023-01-22 09:53:09 +00:00
update auth openpgp.js 2023-05-12 05:59:32 +00:00			`const config = require("../../nationchains/tribes/conf.json");`
first new commit 2023-01-22 09:53:09 +00:00
update auth openpgp.js 2023-05-12 05:59:32 +00:00			`const hasAccessrighton = (object, action, ownby) => {`
			`/*`
first new commit 2023-01-22 09:53:09 +00:00			`@action (mandatory) : CRUDO`
			`@object (mandatory)= name of a folder object in /tribeid space can be a tree for example objects/items`
			`@ownby (option) = list des uuid propriétaire`
			`return next() if all action exist in req.app.local.tokens[UUID].ACCESSRIGHTS.data[object]`
			`OR if last action ="O" and uuid exist in ownBy`
			`Careffull if you have many action CRO let O at the end this will force req.right at true if the owner try an action on this object`
update auth openpgp.js 2023-05-12 05:59:32 +00:00
			`need to check first a person exist with this alias in tribe`

			`const person = fs.readJsonSync(`
			`${conf.dirname}/nationchains/tribes/${req.session.header.xtribe}/persons/${req.session.header.xalias}.json`
			`);`





			`*/`

			`return (req, res, next) => {`
			`//console.log( 'err.stack hasAccessrights', err.statck )`
			//console.log( `test accessright on object:${object} for ${req.session.header.xworkon}:`, req.app.locals.tokens[ req.session.header.xpaganid ].ACCESSRIGHTS.data[ req.session.header.xworkon ] )
			`req.right = false;`
			`if (`
			`req.app.locals.tokens[req.session.header.xpaganid].ACCESSRIGHTS.data[`
			`req.session.header.xworkon`
			`] &&`
			`req.app.locals.tokens[req.session.header.xpaganid].ACCESSRIGHTS.data[`
			`req.session.header.xworkon`
			`][object]`
			`) {`
			`req.right = true;`
			`[...action].forEach((a) => {`
			`if (a == "O" && ownby && ownby.includes(req.session.header.xpaganid)) {`
			`req.right = true;`
			`} else {`
			`req.right =`
			`req.right &&`
			`req.app.locals.tokens[`
			`req.session.header.xpaganid`
			`].ACCESSRIGHTS.data[req.session.header.xworkon][object].includes(a);`
			`}`
			`});`
			`}`
			`//console.log( 'Access data autorise? ', req.right )`
			`if (!req.right) {`
			`return res.status(403).json({`
			`info: "forbiddenAccessright",`
			`ref: "headers",`
			`moreinfo: {`
			`xpaganid: req.session.header.xpaganid,`
			`object: object,`
			`xworkon: req.session.header.xworkon,`
			`action: action,`
			`},`
			`});`
			`}`
			`next();`
			`};`
			`};`
first new commit 2023-01-22 09:53:09 +00:00			`module.exports = hasAccessrighton;`