mirror of
https://github.com/taobataoma/meanTorrent.git
synced 2026-01-16 20:32:21 +01:00
61 lines
1.5 KiB
JavaScript
61 lines
1.5 KiB
JavaScript
'use strict';
|
|
|
|
/**
|
|
* Module dependencies
|
|
*/
|
|
var acl = require('acl');
|
|
|
|
// Using the memory backend
|
|
acl = new acl(new acl.memoryBackend());
|
|
|
|
/**
|
|
* Invoke Admin Permissions
|
|
*/
|
|
exports.invokeRolesPolicies = function () {
|
|
acl.allow(
|
|
[
|
|
{
|
|
roles: ['admin'],
|
|
allows: [
|
|
{resources: '/api/users/:userId/role', permissions: '*'}
|
|
]
|
|
},
|
|
{
|
|
roles: ['oper', 'admin'],
|
|
allows: [
|
|
{resources: '/api/users', permissions: '*'},
|
|
{resources: '/api/users/:userId', permissions: '*'},
|
|
{resources: '/api/users/:userId/status', permissions: '*'},
|
|
{resources: '/api/users/:userId/score', permissions: '*'},
|
|
{resources: '/api/users/:userId/uploaded', permissions: '*'},
|
|
{resources: '/api/users/:userId/downloaded', permissions: '*'}
|
|
]
|
|
}
|
|
]
|
|
);
|
|
};
|
|
|
|
/**
|
|
* Check If Admin Policy Allows
|
|
*/
|
|
exports.isAllowed = function (req, res, next) {
|
|
var roles = (req.user) ? req.user.roles : ['guest'];
|
|
|
|
// Check for user roles
|
|
acl.areAnyRolesAllowed(roles, req.route.path, req.method.toLowerCase(), function (err, isAllowed) {
|
|
if (err) {
|
|
// An authorization error occurred
|
|
return res.status(500).send('Unexpected authorization error');
|
|
} else {
|
|
if (isAllowed) {
|
|
// Access granted! Invoke next middleware
|
|
return next();
|
|
} else {
|
|
return res.status(403).json({
|
|
message: 'User is not authorized'
|
|
});
|
|
}
|
|
}
|
|
});
|
|
};
|