UNPKG

nsfw-api

Version:

NodeJS Sequelize FrameWork API

github.com/NilsBaumgartner1994/NSFW-API

NilsBaumgartner1994/NSFW-API

251 lines (214 loc) 9.94 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
import MyExpressRouter from "./MyExpressRouter"; import SequelizeHelper from "../helper/SequelizeHelper"; import SequelizeAssociationController from "../controllers/SequelizeAssociationController"; const AccessControl = require('accesscontrol'); /** * My Access Control is a Helper to Set all Permissions initially and to provide some helper methods. AccessControl * itself is a nice package which allows us to easily handle permissions. * Read More about it here: https://www.npmjs.com/package/accesscontrol */ export default class MyAccessControl { /** * Roles which we can use */ static roleNameGuest = "guest"; //a guest which represents someone anonymous static roleNameUser = "user"; //a user is someone registered in our system static roleNameModerator = "moderator"; //A moderator static roleNameSuperModerator = "supermoderator"; //a person which degrate other moderators static roleNameAdmin = "admin"; static roleNameOwner = "owner"; static customAccessControl; /** * Constructor * @param logger The logger * @param models The sequelize models */ constructor(logger, models) { this.logger = logger; this.logger.info("[MyAccessControl] initialising"); this.models = models; this.initialiseAccessControlInstance(); //init access control this.initialisePermissions(); // load permissions this.checkIfCustomAccessControlInstanceFound(); this.logger.info("[MyAccessControl] initialised"); } static getAccessControlResourceOfTablename(tablename){ return "RESOURCE_"+tablename; } static getAccessControlResourceOfAssociation(tablename, associationname){ return "ASSOCIATION_"+tablename+"_"+associationname; } /** * Get all Roles which are inheritated of given role * @param role The role to check * @param accessControlInstance * @returns {*|string[]} */ static getInheritedRolesOf(role, accessControlInstance) { return accessControlInstance.getInheritedRolesOf(role); } /** * Checks if a role inheritates a other role or is the same * @param ownRole The own Role we got * @param roleToCheck The role which we want to know if its inheritated * @param accessControlInstance * @returns {boolean} */ static inheritatesOrIsSameRole(ownRole, roleToCheck, accessControlInstance) { if (ownRole === roleToCheck) { //either its the same role return true; } return MyAccessControl.isFirstRoleRealyHigher(ownRole, roleToCheck, accessControlInstance); } /** * Checks is higherRole is realy higher thant the lowerRole. If the Roles are same the result will be false. * @param higherRole The role which should be higher * @param lowerRole The role which should be lower * @returns {boolean} */ static isFirstRoleRealyHigher(higherRole, lowerRole, accessControlInstance) { let inheritatedRoles = MyAccessControl.getInheritedRolesOf(higherRole, accessControlInstance); //get inheritated roles return (inheritatedRoles.indexOf(lowerRole) >= 0); //return if its contained } static getCleanAccessControlInstance(){ return new AccessControl(); } static getCleanAccessControlInstanceWithDefaultRoles(){ return MyAccessControl.addDefaultRolesToAccessControlInstance(MyAccessControl.getCleanAccessControlInstance()); } /** * Create Access Control Instance */ initialiseAccessControlInstance() { this.logger.info("[MyAccessControl] initialiseAccessControlInstance"); this.ac = MyAccessControl.getCleanAccessControlInstanceWithDefaultRoles(); } checkIfCustomAccessControlInstanceFound(){ if(!!MyAccessControl.customAccessControl){ this.ac = MyAccessControl.customAccessControl; } } static addDefaultRolesToAccessControlInstance(ac){ ac.grant(MyAccessControl.roleNameGuest); ac.grant(MyAccessControl.roleNameUser); ac.grant(MyAccessControl.roleNameUser).extend(MyAccessControl.roleNameGuest); ac.grant(MyAccessControl.roleNameModerator); ac.grant(MyAccessControl.roleNameModerator).extend(MyAccessControl.roleNameUser); ac.grant(MyAccessControl.roleNameSuperModerator); ac.grant(MyAccessControl.roleNameSuperModerator).extend(MyAccessControl.roleNameModerator); ac.grant(MyAccessControl.roleNameAdmin); ac.grant(MyAccessControl.roleNameAdmin).extend(MyAccessControl.roleNameSuperModerator); ac.grant(MyAccessControl.roleNameOwner).extend(MyAccessControl.roleNameAdmin); return ac; } /** * Get the Access Control instance */ getAccessControlInstance() { return this.ac; } /** * Initialise Permissions of all Groups */ initialisePermissions() { this.logger.info("[MyAccessControl] initialisePermissions"); let ac = this.getAccessControlInstance(); //Create the Groups in Access Control MyAccessControl.addDefaultRolesToAccessControlInstance(ac); // Init the specific permissions this.initGuestPermissions(); this.initUserPermissions(); this.initModeratorPermissions(); this.initSuperModeratorPermissions(); this.initAdminPermissions(); /** * Owner * The Owner should be allowed to do anything he wants, but thats maybe to powerfull ? */ ac.grant(MyAccessControl.roleNameOwner).extend(MyAccessControl.roleNameAdmin); this.logger.info("[MyAccessControl] initialisePermissions finished"); this.ac = ac; } /** * Init All Guest Permissions * Guest should can use minimum of functionalities */ initGuestPermissions() { let ac = this.getAccessControlInstance(); if(!!this.models.User){ let userAssociationResouce = MyAccessControl.getAccessControlResourceOfTablename(this.models.User.tableName) ac.grant(MyAccessControl.roleNameGuest).createOwn(userAssociationResouce, ["plaintextSecret"]); } } /** * Init User Permissions * * Users should have permission to set their favorite Meals * Set their allegens * Make Friends */ initUserPermissions() { let ac = this.getAccessControlInstance(); ac.grant(MyAccessControl.roleNameUser).extend(MyAccessControl.roleNameGuest); if(!!this.models.User){ let userAssociationResouce = MyAccessControl.getAccessControlResourceOfTablename(this.models.User.tableName) ac.grant(MyAccessControl.roleNameUser).readOwn(userAssociationResouce, ['id', 'onlineTime', 'privacyPolicyReadDate', 'pseudonym', 'avatar', 'language']); ac.grant(MyAccessControl.roleNameUser).updateOwn(userAssociationResouce, ['pseudonym', 'avatar', '!privacyPolicyReadDate', 'language']); // user is not allowed to change privacyPoliceReadDate manualy ac.grant(MyAccessControl.roleNameUser).deleteOwn(userAssociationResouce); } } /** * Init Moderator Permissions * * Moderators should manage to Adjust small errors in Building (like the name is wrong, a building moved */ initModeratorPermissions() { let ac = this.getAccessControlInstance(); ac.grant(MyAccessControl.roleNameModerator).extend(MyAccessControl.roleNameUser); //should be able to see who is a special person //ac.grant(MyAccessControl.roleNameModerator).readAny(MyExpressRouter.userrole_accessControlResource, ['UserID', 'RoleId']); } /** * Init Super Moderator Permissions * They should be able to assign new Moderators or to remove them */ initSuperModeratorPermissions() { let ac = this.getAccessControlInstance(); ac.grant(MyAccessControl.roleNameSuperModerator).extend(MyAccessControl.roleNameModerator); } /** * Init Admin Permissions * Admins should be able to do everything */ initAdminPermissions() { let ac = this.getAccessControlInstance(); ac.grant(MyAccessControl.roleNameAdmin).extend(MyAccessControl.roleNameSuperModerator); this.grantRoleAllPermissions(MyAccessControl.roleNameAdmin); } static getAllAccessControlResourcesOfModels(models){ let tableNames = SequelizeHelper.getModelTableNames(models); let accessControlResources = []; for(let i=0; i<tableNames.length; i++){ let tableName = tableNames[i]; let accessControlResource = MyAccessControl.getAccessControlResourceOfTablename(tableName); accessControlResources.push(accessControlResource) } return accessControlResources; } grantRoleAllPermissions(role){ let ac = this.getAccessControlInstance(); let accessControlResources = MyAccessControl.getAllAccessControlResourcesOfModels(this.models); let associationNames = SequelizeAssociationController.getForAllModelsAllAccessControlAssociationResources(this.models); let totalAdminPermission = accessControlResources.concat(associationNames); let functionPermissions = [MyExpressRouter.adminRoutes_accessControlResource]; totalAdminPermission = totalAdminPermission.concat(functionPermissions); //.push(MyExpressRouter.adminRoutes_accessControlResource); //for any general not resource based for (let i = 0; i < totalAdminPermission.length; i++) { //for all permissions allow everything let accessControl = totalAdminPermission[i]; ac.grant(role).createAny(accessControl, ['*']); ac.grant(role).readAny(accessControl, ['*']); ac.grant(role).updateAny(accessControl, ['*']); ac.grant(role).deleteAny(accessControl, ['*']); } } }