UNPKG

@speckle/shared

Version:

Shared code between various Speckle JS packages

speckle.systems

specklesystems/speckle-server

86 lines (78 loc) 2.52 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
import { MaybeUserContext } from '../domain/context.js' import { Loaders } from '../domain/loaders.js' import { AuthPolicyCheckFragment, AuthPolicyEnsureFragment } from '../domain/policies.js' import { ServerNoAccessError, ServerNoSessionError, ServerNotEnoughPermissionsError } from '../domain/authErrors.js' import { Roles, ServerRoles } from '../../core/constants.js' import { err, ok } from 'true-myth/result' import { throwUncoveredError } from '../../core/index.js' import { isMinimumServerRole } from '../domain/logic/roles.js' /** * Ensure user has a minimum server role */ export const ensureMinimumServerRoleFragment: AuthPolicyEnsureFragment< typeof Loaders.getServerRole, MaybeUserContext & { /** * Defaults to lowest role - server Guest */ role?: ServerRoles }, InstanceType< | typeof ServerNoAccessError | typeof ServerNoSessionError | typeof ServerNotEnoughPermissionsError > > = (loaders) => async ({ userId, role }) => { if (!userId?.length) return err(new ServerNoSessionError()) const requiredServerRole = role || Roles.Server.Guest const isLowestRequestedRole = ( [Roles.Server.Guest, Roles.Server.ArchivedUser] as string[] ).includes(requiredServerRole) const userServerRole = await loaders.getServerRole({ userId }) if (!userServerRole) return err(new ServerNoAccessError()) const hasRequiredRole = isMinimumServerRole(userServerRole, requiredServerRole) return hasRequiredRole ? ok() : err( isLowestRequestedRole ? new ServerNoAccessError() : new ServerNotEnoughPermissionsError() ) } /** * Check if user has admin override enabled */ export const checkIfAdminOverrideEnabledFragment: AuthPolicyCheckFragment< typeof Loaders.getAdminOverrideEnabled | typeof Loaders.getServerRole, MaybeUserContext, never > = (loaders) => async ({ userId }) => { const adminOverrideAvailable = await loaders.getAdminOverrideEnabled() if (!adminOverrideAvailable) return ok(false) const hasAdminRole = await ensureMinimumServerRoleFragment(loaders)({ userId, role: Roles.Server.Admin }) if (hasAdminRole.isErr) { switch (hasAdminRole.error.code) { case ServerNoAccessError.code: case ServerNoSessionError.code: case ServerNotEnoughPermissionsError.code: return ok(false) default: throwUncoveredError(hasAdminRole.error) } } return ok(true) }