@lcap/nasl
NetEase Application Specific Language
;
// Flag the CommonJS exports object with __esModule (the usual marker on
// output transpiled from ES-module syntax).
Object.defineProperty(exports, "__esModule", { value: true });
// Initialise both exported names to undefined; the real values are assigned
// right after each definition further down the file.
exports.isElementPermission = exports.hasAuthElement = void 0;
const types_1 = require("../types");
const utils_1 = require("../utils");
const nasl_concepts_1 = require("@lcap/nasl-concepts");
/**
 * Report whether a NASL object contains an `auth` bind directive.
 *
 * The traversal is delegated to `fastTraverseNaslObjectWithStop`; the visitor
 * returns `true` on the first match, which by the helper's name is the
 * "stop" signal (NOTE(review): confirm against @lcap/nasl-concepts).
 *
 * @param {object|null|undefined} object - Object to inspect; any falsy value yields `false`.
 * @param {string} path - Path passed through unchanged to the traversal helper.
 * @returns {boolean} `true` when a node with concept `BindDirective` and name `auth` was visited.
 */
function hasAuthElement(object, path) {
  // Nothing to inspect, e.g. the missing side of an add or delete.
  if (!object) {
    return false;
  }

  let found = false;
  const visit = (node) => {
    const isAuthDirective = node.concept === 'BindDirective' && node.name === 'auth';
    if (!isAuthDirective) {
      return undefined;
    }
    found = true;
    return true;
  };

  (0, nasl_concepts_1.fastTraverseNaslObjectWithStop)(object, path, visit);
  return found;
}
exports.hasAuthElement = hasAuthElement;
/**
 * Rule that classifies a change by whether it touches element-level
 * permission data (the `auth` bind directive, `bindRoles`, `authDescription`).
 *
 * `afterInstruct` returns:
 *  - `RuleResult.UnMatch`  when the path is not a frontend path, or matches
 *    neither the directive nor the element pattern;
 *  - `RuleResult.Backend`  when the change is permission-related;
 *  - `RuleResult.Frontend` otherwise.
 *
 * NOTE(review): a `Frontend` verdict on a change that does alter permissions is
 * the risky direction for this rule; the hedged notes below mark the spots
 * where that could happen and should be confirmed against the helpers.
 */
exports.isElementPermission = {
  name: 'is-element-permission',
  /**
   * @param {object} instruct
   * @param {object} [instruct.object] - New value of the changed node, if any.
   * @param {object} [instruct.oldObject] - Previous value of the changed node, if any.
   * @param {string} instruct.path - Path of the changed node.
   * @param {string} instruct.action - Kind of change; only `'update'` is special-cased.
   * @returns One of the `RuleResult` members described on the rule.
   */
  afterInstruct({ object, oldObject, path, action }) {
    if (!(0, utils_1.isFrontendPath)(path)) {
      return types_1.RuleResult.UnMatch;
    }

    // Map "is this permission-related?" onto the two matching verdicts.
    const verdict = (isBackend) => (isBackend ? types_1.RuleResult.Backend : types_1.RuleResult.Frontend);

    // Both patterns are unanchored, so they match anywhere inside `path`.
    const directivePattern = /bindDirectives\[(\d+|name[^\]]+)\]/;
    const elementPattern = /elements\[(\d+|name[^\]]+)\](\.children\[(\d+|name[^\]]+)\])*/;

    // Directive change.
    if (directivePattern.test(path)) {
      // Directives are only ever added or removed here, because the
      // bindRoles and authDescription fields live on the element itself.
      // NOTE(review): this dereference throws if both object and oldObject
      // are nullish; confirm callers always supply one of them.
      const directive = object ?? oldObject;
      return verdict(directive.name === 'auth' && directive.concept === 'BindDirective');
    }

    // Anything that is not an element change either is out of scope for this rule.
    if (!elementPattern.test(path)) {
      return types_1.RuleResult.UnMatch;
    }

    // Element update: only matters if it updated one of the two permission fields.
    if (action === 'update') {
      // NOTE(review): onlyKeysInObject is not visible here. If it requires the
      // update's keys to be confined to the given list, an update that sets
      // bindRoles and authDescription together, or either one alongside an
      // unrelated field, would be classified Frontend; confirm that such
      // updates cannot occur or are handled elsewhere.
      const isPermissionUpdate =
        (0, utils_1.onlyKeysInObject)(object, ['bindRoles', 'changedTime']) ||
        (0, utils_1.onlyKeysInObject)(object, ['authDescription', 'changedTime']);
      return verdict(isPermissionUpdate);
    }

    // Element add/delete: look for an auth directive on the node itself or
    // anywhere beneath it, on either the new or the old side of the change.
    return verdict(hasAuthElement(object, path) || hasAuthElement(oldObject, path));
  },
};
//# sourceMappingURL=is-element-permission.js.map