93 lines
2.6 KiB
JavaScript
93 lines
2.6 KiB
JavaScript
|
|
import { Meteor } from 'meteor/meteor';
|
|
import { check } from 'meteor/check';
|
|
import deepMerge from '/imports/utils/deepMerge';
|
|
|
|
export default class Acl {
|
|
constructor(config, Users) {
|
|
this.Users = Users;
|
|
this.config = config;
|
|
}
|
|
|
|
can(permission, credentials) {
|
|
check(permission, String);
|
|
const permissions = this.getPermissions(credentials);
|
|
|
|
return this.checkToken(credentials) && this.fetchPermission(permission, permissions);
|
|
}
|
|
|
|
checkToken(credentials) {
|
|
// skip token check in client `can` calls since we dont have the authToken in the collection
|
|
if (!Meteor.isServer) return true;
|
|
|
|
const { meetingId, requesterUserId: userId, requesterToken: authToken } = credentials;
|
|
|
|
const User = this.Users.findOne({
|
|
meetingId,
|
|
userId,
|
|
authToken,
|
|
validated: true,
|
|
connectionStatus: 'online',
|
|
// TODO: We cant check for approved until we move subscription login out of <Base /> // TODO 4767
|
|
// approved: true,
|
|
});
|
|
|
|
return !!User; // if he found a user means the meeting/user/token is valid
|
|
}
|
|
|
|
fetchPermission(permission, permissions) {
|
|
if (!permission) return false;
|
|
|
|
if (Match.test(permissions, String)) {
|
|
return permissions.indexOf(permission) > -1;
|
|
} else if (Match.test(permissions, Array)) {
|
|
return permissions.some(internalAcl => (this.fetchPermission(permission, internalAcl)));
|
|
} else if (Match.test(permissions, Object)) {
|
|
if (permission.indexOf('.') > -1) {
|
|
return this.fetchPermission(
|
|
permission.substring(permission.indexOf('.') + 1),
|
|
permissions[permission.substring(0, permission.indexOf('.'))],
|
|
);
|
|
}
|
|
return permissions[permission];
|
|
}
|
|
return false;
|
|
}
|
|
|
|
getPermissions(credentials) {
|
|
if (!credentials) {
|
|
return false;
|
|
}
|
|
|
|
const { meetingId, requesterUserId: userId } = credentials;
|
|
|
|
const user = this.Users.findOne({
|
|
meetingId,
|
|
userId,
|
|
});
|
|
|
|
const containRole = Acl.containsRole(user);
|
|
|
|
if (containRole) {
|
|
const { roles } = user;
|
|
let permissions = {};
|
|
|
|
roles.forEach((role) => {
|
|
// There is a big issue here, if we just send the content from the this.config
|
|
// inside the deepMerge, we change both permissions and the config.
|
|
// Couldn't find a better way to prevent the changing.
|
|
// The problems occurs in the `sources.shift()`.
|
|
permissions = deepMerge(permissions, JSON.parse(JSON.stringify(this.config[role])));
|
|
});
|
|
|
|
return permissions;
|
|
}
|
|
return false;
|
|
}
|
|
|
|
static containsRole(user) {
|
|
return Match.test(user, Object) &&
|
|
Match.test(user.roles, Array);
|
|
}
|
|
}
|