UNPKG

atlassian-connect-express

Version:

Library for building Atlassian Add-ons on top of Express

bitbucket.org/atlassian/atlassian-connect-express

94 lines (86 loc) 1.92 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
const _ = require("lodash"); function isContentOperationAuthorized( httpClient, accountId, contentId, operation ) { return new Promise((resolve, reject) => { // make sure the content ID is valid to prevent traversal if (!/^[A-Z0-9-]+$/i.test(contentId)) { reject(new Error("Invalid content ID")); return; } httpClient.post( { url: `/rest/api/content/${encodeURIComponent( contentId )}/permission/check`, headers: { "X-Atlassian-Token": "no-check" }, json: { subject: { type: "user", identifier: accountId }, operation } }, (err, httpResponse, body) => { if (err) { reject(err); return; } if (body.errors && body.errors.length > 0) { reject(body.errors); return; } resolve(body.hasPermission); } ); }); } function getUserOperations(httpClient, accountId) { return new Promise((resolve, reject) => httpClient.get( { url: `/rest/api/user?accountId=${encodeURIComponent( accountId )}&expand=operations`, json: true }, (err, httpResponse, body) => { if (err) { reject(err); return; } resolve(body.operations); } ) ); } function isUserOperationAuthorized( httpClient, accountId, applicationOperations ) { return getUserOperations(httpClient, accountId).then(grants => { for (const operation of applicationOperations) { if ( !_.find( grants, grant => grant.operation === operation && grant.targetType === "application" ) ) { return false; } } return true; }); } module.exports = { isContentOperationAuthorized, isUserOperationAuthorized };