fix: allow users to list organizations (#511)
nmcharlton authored Feb 17, 2021
1 parent d12e48d commit f54f992
Showing 3 changed files with 93 additions and 85 deletions.
2 changes: 1 addition & 1 deletion server/package.json
Expand Up @@ -22,7 +22,7 @@
"migrate": "node ./dist/migrate",
"prestart": "npm run clean && npm run build",
"start": "NODE_ENV=development node .",
"start:debug": "NODE_ENV=development DEBUG=loopback:*,express:* node .",
"start:debug": "NODE_ENV=development DEBUG=loopback:*,express:* node --inspect .",
"startTest": "NODE_ENV=test npm run build && NODE_ENV=test DEBUG=loopback:* node ./dist/indexTest.js",
"prepublishOnly": "npm run test",
"test": "NODE_ENV=test jest --watchAll --runInBand",
130 changes: 46 additions & 84 deletions server/src/js/auth.js
Expand Up @@ -407,6 +407,14 @@ router.post('/init', async (req, res) => {
}
});

const hasPermission = (userPolicies, allowedPolicies, orgReq, organization) => {
if (orgReq && organization && organization.id > 0) {
return false;
}

return (userPolicies.some((r) => allowedPolicies.some(p => r.name === p)))
}

const isAuth = async (req, res, next) => {
//white list
const url = req.originalUrl;
Expand Down Expand Up @@ -496,98 +504,52 @@ const isAuth = async (req, res, next) => {
return next();
}


matcher = url.match(/\/api\/(organization\/(\d+)\/)?trees.*/);
if (matcher) {
if (matcher[1]) {
//organization case
if (
policies.some(
(r) =>
r.name === POLICIES.SUPER_PERMISSION ||
r.name === POLICIES.LIST_TREE ||
r.name === POLICIES.APPROVE_TREE,
)
) {
return next();
} else {
res.status(401).json({
error: new Error('No permission'),
});
return;
}
} else {
//normal case
//organizational user can not visit it directly
if (organization && organization.id > 0) {
res.status(401).json({
error: new Error('No permission'),
});
return;
}
if (
policies.some(
(r) =>
r.name === POLICIES.SUPER_PERMISSION ||
r.name === POLICIES.LIST_TREE ||
r.name === POLICIES.APPROVE_TREE,
)
) {
return next();
} else {
res.status(401).json({
error: new Error('No permission'),
});
return;
}
if (hasPermission(
policies,
[POLICIES.SUPER_PERMISSION, POLICIES.LIST_TREE, POLICIES.APPROVE_TREE],
matcher[1],
organization)) {
return next();
}

res.status(401).json({
error: new Error('No permission'),
})
return;
}

matcher = url.match(/\/api\/(organization\/(\d+)\/)?planter.*/);
if (matcher) {
if (matcher[1]) {
//organization case
if (
policies.some(
(r) =>
r.name === POLICIES.SUPER_PERMISSION ||
r.name === POLICIES.LIST_PLANTER ||
r.name === POLICIES.MANAGE_PLANTER,
)
) {
return next();
} else {
res.status(401).json({
error: new Error('No permission'),
});
return;
}
} else {
//normal case
//organizational user can not visit it directly
if (organization && organization.id > 0) {
res.status(401).json({
error: new Error('No permission'),
});
return;
} else {
if (
policies.some(
(r) =>
r.name === POLICIES.SUPER_PERMISSION ||
r.name === POLICIES.LIST_PLANTER ||
r.name === POLICIES.MANAGE_PLANTER,
)
) {
return next();
} else {
res.status(401).json({
error: new Error('No permission'),
});
return;
}
}
if (hasPermission(
policies,
[POLICIES.SUPER_PERMISSION, POLICIES.LIST_PLANTER, POLICIES.MANAGE_PLANTER],
matcher[1],
organization)) {
return next();
}

res.status(401).json({
error: new Error('No permission'),
})
return;
}

matcher = url.match(/\/api\/(organization\/(\d+)\/)?organizations.*/);
if (matcher) {
if (hasPermission(
policies,
[POLICIES.SUPER_PERMISSION, POLICIES.LIST_TREE, POLICIES.APPROVE_TREE, POLICIES.MANAGE_PLANTER],
matcher[1],
organization)) {
return next();
}

res.status(401).json({
error: new Error('No permission'),
})
return;
}
} else {
return next();
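Review bot: The guard in `hasPermission` (hunk at line 407) appears to invert the organization check the old inline branches enforced: the removed `//normal case` code rejected a user with `organization.id > 0` only on the non-organization route (`matcher[1]` empty), while the new helper returns false when `orgReq` is truthy, so an organization-scoped user would now pass on plain `/api/trees` and `/api/planter` and be denied on `/api/organization/<id>/...`. Assuming the nested branches are the removed side, the intended condition is `if (!orgReq && organization && organization.id > 0) { return false; }`, which also applies to the three call sites in the second hunk. None of the added tests set an organization on the mocked user, so the inversion is not exercised; a case with `organization.id > 0` requesting `/api/trees` and expecting 401 would pin the old behavior. A short JSDoc on the helper stating that `orgReq` is the captured `organization/<id>/` prefix (or undefined) would make the intent of the guard reviewable. `isAuth` starts before and continues past the second hunk.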
46 changes: 46 additions & 0 deletions server/src/js/auth.test.js
Expand Up @@ -401,6 +401,52 @@ describe('auth', () => {

});

describe("organizations", () => {

it("/planter successfully", async () => {
const jwt = require("jsonwebtoken");
jwt.verify.mockReturnValueOnce({policy:{
policies: [{
name: "list_tree",
}],
passwordHash: "testHash",
}});
query.mockResolvedValue({rows:[{}]});
auth.helper.getActiveAdminUserRoles = jest.fn(() => Promise.resolve({rows:[{passwordHasht:"testHash"}]}));
const response = await request(app).get('/api/organizations');
expect(response.statusCode).toBe(200);
});

it("/planter 401 no permission", async () => {
const jwt = require("jsonwebtoken");
jwt.verify.mockReturnValueOnce({policy:{
policies: [{
}],
passwordHash: "testHash",
}});
query.mockResolvedValue({rows:[{}]});
auth.helper.getActiveAdminUserRoles = jest.fn(() => Promise.resolve({rows:[{passwordHasht:"testHash"}]}));
const response = await request(app).get('/api/organizations');
expect(response.statusCode).toBe(401);
});

it("/organization/planter successfully", async () => {
const jwt = require("jsonwebtoken");
jwt.verify.mockReturnValueOnce({policy:{
policies: [{
name: "manage_planter",
}],
passwordHash: "testHash",
}});
query.mockResolvedValue({rows:[{}]});
auth.helper.getActiveAdminUserRoles = jest.fn(() => Promise.resolve({rows:[{passwordHasht:"testHash"}]}));
const response = await request(app).get('/api/organization/1/organizations');
expect(response.statusCode).toBe(200);
});

});


});

});
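Review bot: The three test names in the new `organizations` describe block (`"/planter successfully"`, `"/planter 401 no permission"`, `"/organization/planter successfully"`) do not match the requests they make, which all target `/api/organizations` or `/api/organization/1/organizations`; renaming them to `"/organizations successfully"`, `"/organizations 401 no permission"` and `"/organization/organizations successfully"` keeps failures readable. The mocked role row uses the key `passwordHasht` in all three cases, presumably copied from earlier tests; if the hash comparison in `isAuth` reads `passwordHash`, the mock never actually matches and the 200 assertions pass for a different reason than intended, so this is worth confirming against the code outside the hunk. The enclosing `describe('auth', ...)` starts before the hunk.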
