mirror of
https://github.com/xuthus83/pigallery2.git
synced 2024-11-03 21:04:03 +08:00
57 lines
1.6 KiB
TypeScript
57 lines
1.6 KiB
TypeScript
import {NextFunction, Request, Response} from "express";
|
|
import {ErrorCodes, ErrorDTO} from "../../../common/entities/Error";
|
|
import {UserRoles} from "../../../common/entities/UserDTO";
|
|
import {ObjectManagerRepository} from "../../model/ObjectManagerRepository";
|
|
|
|
export class UserRequestConstrainsMWs {
|
|
|
|
public static forceSelfRequest(req: Request, res: Response, next: NextFunction) {
|
|
if ((typeof req.params === 'undefined') || (typeof req.params.id === 'undefined')) {
|
|
return next();
|
|
}
|
|
if (req.session.user.id !== req.params.id) {
|
|
return next(new ErrorDTO(ErrorCodes.NOT_AUTHORISED));
|
|
}
|
|
|
|
return next();
|
|
}
|
|
|
|
|
|
public static notSelfRequest(req: Request, res: Response, next: NextFunction) {
|
|
if ((typeof req.params === 'undefined') || (typeof req.params.id === 'undefined')) {
|
|
return next();
|
|
}
|
|
|
|
if (req.session.user.id === req.params.id) {
|
|
return next(new ErrorDTO(ErrorCodes.NOT_AUTHORISED));
|
|
}
|
|
|
|
return next();
|
|
}
|
|
|
|
public static async notSelfRequestOr2Admins(req: Request, res: Response, next: NextFunction) {
|
|
if ((typeof req.params === 'undefined') || (typeof req.params.id === 'undefined')) {
|
|
return next();
|
|
}
|
|
|
|
if (req.session.user.id !== req.params.id) {
|
|
return next();
|
|
}
|
|
|
|
//TODO: fix it!
|
|
try {
|
|
const result = await ObjectManagerRepository.getInstance().UserManager.find({minRole: UserRoles.Admin});
|
|
if (result.length <= 1) {
|
|
return next(new ErrorDTO(ErrorCodes.GENERAL_ERROR));
|
|
}
|
|
return next();
|
|
|
|
} catch (err) {
|
|
return next(new ErrorDTO(ErrorCodes.GENERAL_ERROR));
|
|
}
|
|
|
|
}
|
|
|
|
|
|
}
|