dbgate-tools
Version:
Auxiliary tools for other DbGate packages.
128 lines (127 loc) • 4.53 kB
JavaScript
;
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.sortPermissionsFromTheSameLevel = exports.getPredefinedPermissions = exports.testSubPermission = exports.testPermission = exports.getPermissionsCacheKey = exports.compilePermissions = void 0;
const escapeRegExp_1 = __importDefault(require("lodash/escapeRegExp"));
const isString_1 = __importDefault(require("lodash/isString"));
const compact_1 = __importDefault(require("lodash/compact"));
const flatten_1 = __importDefault(require("lodash/flatten"));
function compileRegexp(permissions) {
if (permissions.length == 0)
return null;
return new RegExp(permissions.map(x => '^' + (0, escapeRegExp_1.default)(x).replace(/\\\*/g, '.*') + '$').join('|'));
}
function compilePermissions(permissions) {
if (!permissions)
return null;
if ((0, isString_1.default)(permissions))
permissions = permissions.split(/,|;|\||\s/);
else
permissions = (0, flatten_1.default)(permissions.map(x => x.split(/,|;|\||\s/)));
permissions = (0, compact_1.default)(permissions.map(x => x.trim()));
let lastType = null;
let lastItems = [];
const res = {
levels: [],
};
for (const item of permissions) {
const type = item.startsWith('~') ? 'deny' : 'allow';
const perm = item.startsWith('~') ? item.substring(1) : item;
if (lastType != null && type != lastType) {
res.levels.push({
re: compileRegexp(lastItems),
type: lastType,
});
lastItems = [];
}
lastItems.push(perm);
lastType = type;
}
if (lastItems.length > 0) {
res.levels.push({
re: compileRegexp(lastItems),
type: lastType,
});
}
return res;
}
exports.compilePermissions = compilePermissions;
function getPermissionsCacheKey(permissions) {
if (!permissions)
return null;
if ((0, isString_1.default)(permissions))
return permissions;
return permissions.join('|');
}
exports.getPermissionsCacheKey = getPermissionsCacheKey;
function testPermission(tested, permissions) {
let allow = true;
if (!permissions) {
return true;
}
for (const level of permissions.levels) {
if (tested.match(level.re)) {
if (level.type == 'allow')
allow = true;
if (level.type == 'deny')
allow = false;
}
}
return allow;
}
exports.testPermission = testPermission;
function testSubPermission(tested, permissions, allowSamePermission = true) {
let result = null;
for (const permWithSign of permissions) {
const perm = permWithSign.startsWith('~') ? permWithSign.substring(1) : permWithSign;
const deny = permWithSign.startsWith('~');
if (perm.endsWith('*')) {
const prefix = perm.substring(0, perm.length - 1);
if (tested.startsWith(prefix)) {
result = !deny;
}
}
else {
if (allowSamePermission && tested == perm) {
result = !deny;
}
}
}
return result;
}
exports.testSubPermission = testSubPermission;
function getPredefinedPermissions(predefinedRoleName) {
switch (predefinedRoleName) {
case 'superadmin':
return ['*', '~widgets/*', 'widgets/admin', 'widgets/database', '~all-connections'];
case 'logged-user':
return [
'*',
'~widgets/admin',
'~admin/*',
'~internal-storage',
'~all-connections',
'~run-shell-script',
'~all-team-files/*',
];
case 'anonymous-user':
return [
'*',
'~widgets/admin',
'~admin/*',
'~internal-storage',
'~all-connections',
'~run-shell-script',
'~all-team-files/*',
];
default:
return null;
}
}
exports.getPredefinedPermissions = getPredefinedPermissions;
function sortPermissionsFromTheSameLevel(permissions) {
return [...permissions.filter(x => x.startsWith('~')), ...permissions.filter(x => !x.startsWith('~'))];
}
exports.sortPermissionsFromTheSameLevel = sortPermissionsFromTheSameLevel;