pigallery2/backend/middlewares/user/UserRequestConstrainsMWs.ts

import {NextFunction, Request, Response} from 'express';
import {ErrorCodes, ErrorDTO} from '../../../common/entities/Error';
import {UserRoles} from '../../../common/entities/UserDTO';
import {ObjectManagerRepository} from '../../model/ObjectManagerRepository';

export class UserRequestConstrainsMWs {

  public static forceSelfRequest(req: Request, res: Response, next: NextFunction) {
    if ((typeof req.params === 'undefined') || (typeof req.params.id === 'undefined')) {
      return next();
    }
    if (req.session.user.id !== req.params.id) {
      return next(new ErrorDTO(ErrorCodes.NOT_AUTHORISED));
    }

    return next();
  }


  public static notSelfRequest(req: Request, res: Response, next: NextFunction) {
    if ((typeof req.params === 'undefined') || (typeof req.params.id === 'undefined')) {
      return next();
    }

    if (req.session.user.id === req.params.id) {
      return next(new ErrorDTO(ErrorCodes.NOT_AUTHORISED));
    }

    return next();
  }

  public static async notSelfRequestOr2Admins(req: Request, res: Response, next: NextFunction) {
    if ((typeof req.params === 'undefined') || (typeof req.params.id === 'undefined')) {
      return next();
    }

    if (req.session.user.id !== req.params.id) {
      return next();
    }

    // TODO: fix it!
    try {
      const result = await ObjectManagerRepository.getInstance().UserManager.find({minRole: UserRoles.Admin});
      if (result.length <= 1) {
        return next(new ErrorDTO(ErrorCodes.GENERAL_ERROR));
      }
      return next();

    } catch (err) {
      return next(new ErrorDTO(ErrorCodes.GENERAL_ERROR));
    }

  }


}
improving tests 2018-03-31 03:30:30 +08:00			`import {NextFunction, Request, Response} from 'express';`
			`import {ErrorCodes, ErrorDTO} from '../../../common/entities/Error';`
			`import {UserRoles} from '../../../common/entities/UserDTO';`
			`import {ObjectManagerRepository} from '../../model/ObjectManagerRepository';`
implementing routers and user middlewares 2016-03-20 00:31:42 +08:00
refactoring middleware rendering methods 2016-03-26 18:19:10 +08:00			`export class UserRequestConstrainsMWs {`
implementing routers and user middlewares 2016-03-20 00:31:42 +08:00
implementing sharing 2017-07-04 01:17:49 +08:00			`public static forceSelfRequest(req: Request, res: Response, next: NextFunction) {`
			`if ((typeof req.params === 'undefined') \|\| (typeof req.params.id === 'undefined')) {`
			`return next();`
implementing routers and user middlewares 2016-03-20 00:31:42 +08:00			`}`
implementing sharing 2017-07-04 01:17:49 +08:00			`if (req.session.user.id !== req.params.id) {`
implementing thumbnail settings 2017-07-15 18:47:11 +08:00			`return next(new ErrorDTO(ErrorCodes.NOT_AUTHORISED));`
implementing sharing 2017-07-04 01:17:49 +08:00			`}`

			`return next();`
			`}`
implementing routers and user middlewares 2016-03-20 00:31:42 +08:00

implementing sharing 2017-07-04 01:17:49 +08:00			`public static notSelfRequest(req: Request, res: Response, next: NextFunction) {`
			`if ((typeof req.params === 'undefined') \|\| (typeof req.params.id === 'undefined')) {`
			`return next();`
			`}`

			`if (req.session.user.id === req.params.id) {`
implementing thumbnail settings 2017-07-15 18:47:11 +08:00			`return next(new ErrorDTO(ErrorCodes.NOT_AUTHORISED));`
implementing sharing 2017-07-04 01:17:49 +08:00			`}`
source style cleanup 2016-05-09 23:04:56 +08:00
implementing sharing 2017-07-04 01:17:49 +08:00			`return next();`
			`}`
implementing routers and user middlewares 2016-03-20 00:31:42 +08:00
implementing sharing 2017-07-04 01:17:49 +08:00			`public static async notSelfRequestOr2Admins(req: Request, res: Response, next: NextFunction) {`
			`if ((typeof req.params === 'undefined') \|\| (typeof req.params.id === 'undefined')) {`
			`return next();`
implementing routers and user middlewares 2016-03-20 00:31:42 +08:00			`}`
source style cleanup 2016-05-09 23:04:56 +08:00
implementing sharing 2017-07-04 01:17:49 +08:00			`if (req.session.user.id !== req.params.id) {`
			`return next();`
implementing routers and user middlewares 2016-03-20 00:31:42 +08:00			`}`

improving tests 2018-03-31 03:30:30 +08:00			`// TODO: fix it!`
implementing sharing 2017-07-04 01:17:49 +08:00			`try {`
			`const result = await ObjectManagerRepository.getInstance().UserManager.find({minRole: UserRoles.Admin});`
			`if (result.length <= 1) {`
implementing thumbnail settings 2017-07-15 18:47:11 +08:00			`return next(new ErrorDTO(ErrorCodes.GENERAL_ERROR));`
implementing sharing 2017-07-04 01:17:49 +08:00			`}`
			`return next();`

			`} catch (err) {`
implementing thumbnail settings 2017-07-15 18:47:11 +08:00			`return next(new ErrorDTO(ErrorCodes.GENERAL_ERROR));`
implementing sharing 2017-07-04 01:17:49 +08:00			`}`

			`}`

implementing routers and user middlewares 2016-03-20 00:31:42 +08:00
implementing sharing 2017-07-04 01:17:49 +08:00			`}`