Nemcio/meanTorrent
1
0
Fork 0
mirror of https://github.com/taobataoma/meanTorrent.git synced 2026-02-06 06:29:29 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
97156ff4908c0a936749521bf30e273494de4b05
meanTorrent/modules/requests/server/policies/requests.server.policy.js

68 lines
2.1 KiB
JavaScript
Raw Blame History

'use strict';
/**
* Module dependencies
*/
var acl = require('acl');
// Using the memory backend
acl = new acl(new acl.memoryBackend());
/**
* Invoke Articles Permissions
*/
exports.invokeRolesPolicies = function () {
acl.allow([{
roles: ['oper', 'admin'],
allows: [
{resources: '/api/requests', permissions: '*'},
{resources: '/api/requests/:requestId', permissions: '*'},
{resources: '/api/requests/:requestId/accept/:torrentId', permissions: '*'},
{resources: '/api/reqComments/:requestId', permissions: '*'},
{resources: '/api/reqComments/:requestId/:commentId', permissions: '*'},
{resources: '/api/reqComments/:requestId/:commentId/:subCommentId', permissions: '*'}
]
}, {
roles: ['user'],
allows: [
{resources: '/api/requests', permissions: '*'},
{resources: '/api/requests/:requestId', permissions: '*'},
{resources: '/api/requests/:requestId/accept/:torrentId', permissions: '*'},
{resources: '/api/reqComments/:requestId', permissions: ['post']},
{resources: '/api/reqComments/:requestId/:commentId', permissions: ['post', 'put', 'delete']},
{resources: '/api/reqComments/:requestId/:commentId/:subCommentId', permissions: ['put', 'delete']}
]
}]);
};
/**
* Check If Articles Policy Allows
*/
exports.isAllowed = function (req, res, next) {
var roles = (req.user) ? req.user.roles : ['guest'];
// If an article is being processed and the current user created it then allow any manipulation
if (req.request && req.user && req.request.user && req.request.user.id === req.user.id) {
return next();
}
// Check for user roles
acl.areAnyRolesAllowed(roles, req.route.path, req.method.toLowerCase(), function (err, isAllowed) {
if (err) {
// An authorization error occurred
return res.status(500).send('Unexpected authorization error');
} else {
if (isAllowed) {
// Access granted! Invoke next middleware
return next();
} else {
return res.status(403).json({
message: 'User is not authorized'
});
}
}
});
};
Reference in New Issue View Git Blame Copy Permalink