UNPKG

@xrengine/server-core

Version:

Shared components for XREngine server

github.com/XRFoundation/XREngine

XRFoundation/XREngine

47 lines (41 loc) 1.6 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
import { BadRequest, Forbidden } from '@feathersjs/errors' import { HookContext } from '@feathersjs/feathers' import { UserInterface } from '@xrengine/common/src/interfaces/User' import { Application } from '../../declarations' import { UnauthenticatedException } from '../util/exceptions/exception' export default () => { return async (context: HookContext<Application>) => { if (context.params.isInternal) return context const loggedInUser = context.params.user as UserInterface if (!loggedInUser) throw new UnauthenticatedException('No logged in user') if (loggedInUser.scopes && loggedInUser.scopes.find((scope) => scope.type === 'admin:admin')) return context const app = context.app const projectId = context.service === 'project' ? context.id : context.id && typeof context.id === 'string' ? ( await app.service('project-permission').Model.findOne({ where: { id: context.id } }) ).projectId : context.data.id || context.data.projectId const project = await app.service('project').Model.findOne({ where: { id: projectId } }) if (!project) throw new BadRequest('Invalid project ID') const projectPermission = await app.service('project-permission').Model.findOne({ where: { userId: loggedInUser.id, projectId: projectId } }) if (!projectPermission || projectPermission.type !== 'owner') throw new Forbidden('You are not an owner of this project') return context } }