2019-07-27 00:05:47 +08:00
|
|
|
'use strict';
|
|
|
|
|
2019-10-04 00:24:39 +08:00
|
|
|
const pgEntitiesAccessValidator = require('../../services/pg-entities-access-validator');
|
2019-07-27 00:05:47 +08:00
|
|
|
|
|
|
|
module.exports = function accessValidator () {
|
|
|
|
return function accessValidatorMiddleware (req, res, next) {
|
|
|
|
const { affectedTables, authorizationLevel } = res.locals;
|
|
|
|
|
2019-12-24 01:19:08 +08:00
|
|
|
if (!pgEntitiesAccessValidator.validate(affectedTables, authorizationLevel)) {
|
2019-07-27 00:05:47 +08:00
|
|
|
const error = new SyntaxError('system tables are forbidden');
|
|
|
|
error.http_status = 403;
|
|
|
|
|
|
|
|
return next(error);
|
|
|
|
}
|
|
|
|
|
|
|
|
return next();
|
|
|
|
};
|
|
|
|
};
|