Add per-server permissions

2026-06-10 14:22:46 +02:00 · 2022-11-09 01:52:08 -08:00
parent 73e6002cc7
commit 581ef32845
13 changed files with 371 additions and 139 deletions
@@ -0,0 +1,40 @@
+import { ServerPermission, ServerPermissionType } from '@prisma/client';
+import { NextFunction, Request, Response } from 'express';
+
+export const authenticateServerAdmin = (
+  req: Request,
+  res: Response,
+  next: NextFunction
+) => {
+  if (!req.params.serverId) {
+    return res.status(403).json({
+      error: {
+        message: 'Server id is required.',
+        path: req.path,
+      },
+      response: 'Error',
+      statusCode: 403,
+    });
+  }
+
+  if (req.authUser.isAdmin || req.authUser.isSuperAdmin) {
+    return next();
+  }
+
+  const permission = req.authUser.serverPermissions.find(
+    (p: ServerPermission) => p.serverId === req.params.serverId
+  )?.type;
+
+  if (permission !== ServerPermissionType.ADMIN) {
+    return res.status(403).json({
+      error: {
+        message: 'This action requires "Admin" server permissions.',
+        path: req.path,
+      },
+      response: 'Error',
+      statusCode: 403,
+    });
+  }
+
+  return next();
+};
@@ -0,0 +1,43 @@
+import { ServerPermission, ServerPermissionType } from '@prisma/client';
+import { NextFunction, Request, Response } from 'express';
+
+export const authenticateServerEditor = (
+  req: Request,
+  res: Response,
+  next: NextFunction
+) => {
+  if (!req.params.serverId) {
+    return res.status(403).json({
+      error: {
+        message: 'Server id is required.',
+        path: req.path,
+      },
+      response: 'Error',
+      statusCode: 403,
+    });
+  }
+
+  if (req.authUser.isAdmin || req.authUser.isSuperAdmin) {
+    return next();
+  }
+
+  const permission = req.authUser.serverPermissions.find(
+    (p: ServerPermission) => p.serverId === req.params.serverId
+  )?.type;
+
+  if (
+    permission !== ServerPermissionType.EDITOR &&
+    permission !== ServerPermissionType.ADMIN
+  ) {
+    return res.status(403).json({
+      error: {
+        message: 'This action requires "Editor" server permissions.',
+        path: req.path,
+      },
+      response: 'Error',
+      statusCode: 403,
+    });
+  }
+
+  return next();
+};
@@ -0,0 +1,40 @@
+import { ServerPermission, ServerPermissionType } from '@prisma/client';
+import { NextFunction, Request, Response } from 'express';
+
+export const authenticateServerViewer = (
+  req: Request,
+  res: Response,
+  next: NextFunction
+) => {
+  if (!req.params.serverId) {
+    return res.status(403).json({
+      error: {
+        message: 'Server id is required.',
+        path: req.path,
+      },
+      response: 'Error',
+      statusCode: 403,
+    });
+  }
+
+  if (req.authUser.isAdmin || req.authUser.isSuperAdmin) {
+    return next();
+  }
+
+  const permission = req.authUser.serverPermissions.find(
+    (p: ServerPermission) => p.serverId === req.params.serverId
+  )?.type;
+
+  if (permission === undefined) {
+    return res.status(403).json({
+      error: {
+        message: 'This action requires "Viewer" server permissions.',
+        path: req.path,
+      },
+      response: 'Error',
+      statusCode: 403,
+    });
+  }
+
+  return next();
+};
@@ -0,0 +1,20 @@
+import { NextFunction, Request, Response } from 'express';
+
+export const authenticateSuperAdmin = (
+  req: Request,
+  res: Response,
+  next: NextFunction
+) => {
+  if (!req.authUser.isSuperAdmin) {
+    return res.status(403).json({
+      error: {
+        message: 'This action requires an administrator account.',
+        path: req.path,
+      },
+      response: 'Error',
+      statusCode: 403,
+    });
+  }
+
+  return next();
+};
@@ -1,3 +1,7 @@
 export * from './error-handler';
 export * from './authenticate';
 export * from './authenticate-admin';
+export * from './authenticate-super-admin';
+export * from './authenticate-server-admin';
+export * from './authenticate-server-editor';
+export * from './authenticate-server-viewer';