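import { ApiError } from "@paroicms/public-server-lib";
import { authenticateWithPat } from "../../personal-access-token/pat-auth.helper.js";
import { authGuard } from "./auth.helper.js";
import { ADMIN_PERMISSIONS, EDITOR_PERMISSIONS } from "./authorization.constants.js";
import { loadAccountRoles } from "./special-account.helper.js";

/**
 * Maps one account role to the permissions it grants.
 * Any role other than "admin" / "editor" grants nothing, so an unexpected
 * role name can never widen the effective permission set.
 *
 * @param {string} role - A role name as returned by loadAccountRoles.
 * @returns {string[]} Permission list for that role (empty for unknown roles).
 */
function getRolePermissions(role) {
  switch (role) {
    case "admin":
      return ADMIN_PERMISSIONS;
    case "editor":
      return EDITOR_PERMISSIONS;
    default:
      return [];
  }
}

/**
 * Computes the effective permission set for a list of roles: the union of
 * every role's permissions, deduplicated.
 *
 * @param {string[]} roles - Roles held by the account.
 * @returns {string[]} Deduplicated permissions.
 */
function resolvePermissions(roles) {
  return [...new Set(roles.flatMap((role) => getRolePermissions(role)))];
}

/**
 * Rejects the request unless `requiredPermission` is part of `permissions`.
 *
 * @param {string[]} permissions - Effective permissions of the account.
 * @param {string} requiredPermission - Permission the endpoint requires.
 * @throws {ApiError} 403 when the permission is missing.
 */
function assertPermission(permissions, requiredPermission) {
  if (!permissions.includes(requiredPermission)) {
    throw new ApiError("Forbidden: insufficient permissions", 403);
  }
}

/**
 * Authenticates the HTTP request (via authGuard) and checks that the account
 * holds `requiredPermission`.
 *
 * @param {object} siteContext - Site context handed to loadAccountRoles.
 * @param {object} httpContext - Request context consumed by authGuard.
 * @param {string} requiredPermission - Permission the endpoint requires.
 * @returns {Promise<object>} The auth payload augmented with `accountId`,
 *   `roles` and `permissions`.
 * @throws {ApiError} 403 when the permission is missing (authGuard may throw
 *   its own errors for unauthenticated requests).
 */
export async function permissionGuard(siteContext, httpContext, requiredPermission) {
  const payload = authGuard(httpContext);
  const roles = await loadAccountRoles(siteContext, payload);
  const permissions = resolvePermissions(roles);
  assertPermission(permissions, requiredPermission);
  // Spread the payload FIRST so the values verified here (accountId, roles,
  // permissions) always win over any same-named field the payload may carry;
  // callers must see exactly the permission set that was checked above.
  // (The payload shape comes from authGuard and is not visible here.)
  return {
    ...payload,
    accountId: payload.id,
    roles,
    permissions,
  };
}

/**
 * Authenticates with a personal access token and checks that the owning
 * account holds `requiredPermission`.
 *
 * @param {object} siteContext - Site context; `cn` is passed to
 *   authenticateWithPat and `fqdn` is echoed in the result.
 * @param {string} pat - Personal access token presented by the client.
 * @param {string} requiredPermission - Permission the endpoint requires.
 * @returns {Promise<object>} Account identity, `loginMethod: "pat"`, plus the
 *   resolved `roles` and `permissions`.
 * @throws {ApiError} 403 when the permission is missing (authenticateWithPat
 *   may throw its own errors for an invalid token).
 */
export async function permissionPatGuard(siteContext, pat, requiredPermission) {
  const authResult = await authenticateWithPat(siteContext.cn, pat);
  const account = { id: authResult.accountId, email: authResult.email };
  const roles = await loadAccountRoles(siteContext, account);
  const permissions = resolvePermissions(roles);
  assertPermission(permissions, requiredPermission);
  return {
    id: authResult.accountId,
    accountId: authResult.accountId,
    email: authResult.email,
    fqdn: siteContext.fqdn,
    loginMethod: "pat",
    roles,
    permissions,
  };
}
//# sourceMappingURL=authorization.helper.js.map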