@iredium/butterfly

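"use strict";
// TypeScript-emitted helper: sets up prototype-based inheritance for the
// compiled class below (static side via extendStatics, instance side via the
// temporary `__` constructor).
var __extends = (this && this.__extends) || (function () {
    var extendStatics = function (d, b) {
        extendStatics = Object.setPrototypeOf ||
            ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
            function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; };
        return extendStatics(d, b);
    };
    return function (d, b) {
        if (typeof b !== "function" && b !== null)
            throw new TypeError("Class extends value " + String(b) + " is not a constructor or null");
        extendStatics(d, b);
        function __() { this.constructor = d; }
        d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());
    };
})();
// TypeScript-emitted helper: appends every element of `from` to `to` and
// returns `to`.
var __spreadArray = (this && this.__spreadArray) || function (to, from) {
    for (var i = 0, il = from.length, j = to.length; i < il; i++, j++)
        to[j] = from[i];
    return to;
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.ApiPolicy = void 0;
var base_policy_1 = require("./base_policy");
/**
 * Default authorization policy for API resources.
 *
 * Decisions made by this class:
 *   - index / show               : always allowed.
 *   - create                     : allowed when this.isAuthenticated() is truthy
 *                                  (isAuthenticated is not defined in this file;
 *                                  presumably inherited from BasePolicy).
 *   - update / destroy / restore : allowed when isResourceOwner() returns true.
 *
 * The methods read `this.user` and `this.record`; neither is assigned in this
 * file, so they are expected to be supplied by the base class or the caller.
 */
var ApiPolicy = /** @class */ (function (_super) {
    __extends(ApiPolicy, _super);
    function ApiPolicy() {
        var _this = _super !== null && _super.apply(this, arguments) || this;
        // Extra roles that bypass the ownership check; 'root' is always added
        // on top of this list inside isResourceOwner().
        _this.alwaysAllowedUserRoles = [];
        return _this;
    }
    /** Listing is always allowed by this policy. */
    ApiPolicy.prototype.index = function () {
        return true;
    };
    /** Reading a single record is always allowed by this policy. */
    ApiPolicy.prototype.show = function () {
        return true;
    };
    /** Creating requires whatever this.isAuthenticated() checks. */
    ApiPolicy.prototype.create = function () {
        return this.isAuthenticated();
    };
    /** Updating requires passing the ownership check. */
    ApiPolicy.prototype.update = function () {
        return this.isResourceOwner();
    };
    /** Destroying requires passing the ownership check. */
    ApiPolicy.prototype.destroy = function () {
        return this.isResourceOwner();
    };
    /** Restoring requires passing the ownership check. */
    ApiPolicy.prototype.restore = function () {
        return this.isResourceOwner();
    };
    /**
     * Decide whether the current user may modify the current record.
     *
     * Checks run in this order, and the order is security-relevant:
     *   1. no user                       -> deny
     *   2. no record                     -> deny
     *   3. record has a falsy `user_id`  -> allow
     *   4. user holds 'root' or a role listed in alwaysAllowedUserRoles -> allow
     *   5. otherwise allow only when user.id === record.user_id
     *
     * @returns {boolean} true when the modification is permitted.
     */
    ApiPolicy.prototype.isResourceOwner = function () {
        var user = this.user ? this.user : null;
        var record = this.record;
        var alwaysAllowedUserRoles = __spreadArray(['root'], this.alwaysAllowedUserRoles);
        // Keep the user check above the "record without an owner" shortcut so
        // that unauthenticated (public) requests are still blocked.
        if (!user) {
            return false;
        }
        // Fail closed: without a record there is nothing to prove ownership of.
        // Previously a missing record raised a TypeError on `record.user_id`
        // instead of producing an authorization decision.
        if (!record) {
            return false;
        }
        // NOTE(review): a record whose user_id is falsy (undefined, null, 0, '')
        // is treated as unowned, and any user that reached this point may
        // update, destroy or restore it. Subclasses guarding resources that
        // can lack an owner should override this method if that is not
        // intended.
        if (!record.user_id) {
            return true;
        }
        if (user.role) {
            // `role` is read as a space-separated list of role names; a value
            // without a `split` method contributes no roles.
            // NOTE(review): assumes user.role is populated from trusted
            // server-side state and never from request input -- confirm in
            // the code that builds `user`.
            var roles = user.role.split ? user.role.split(' ') : [];
            for (var i = 0; i < roles.length; i++) {
                if (alwaysAllowedUserRoles.includes(roles[i])) {
                    return true;
                }
            }
        }
        // Strict comparison: ids of different types (for example a string
        // against a number) do not match, so the check denies.
        return user.id === record.user_id;
    };
    return ApiPolicy;
}(base_policy_1.BasePolicy));
exports.ApiPolicy = ApiPolicy;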