yujunjun/strapi
1
0
Fork 0
mirror of https://github.com/strapi/strapi.git synced 2025-07-18 22:45:47 +00:00
Code Issues Packages Projects Releases Wiki Activity
strapi/packages/plugins/users-permissions/server/policies/permissions.js
Alexandre Bodin 575cbbdc7c Migrate plugin getters
2021-08-19 23:30:49 +02:00

95 lines
2.2 KiB
JavaScript
Raw Blame History

'use strict';
const _ = require('lodash');
const { getService } = require('../utils');
module.exports = async (ctx, next) => {
let role;
if (ctx.state.user) {
// request is already authenticated in a different way
return next();
}
if (ctx.request && ctx.request.header && ctx.request.header.authorization) {
try {
const { id } = await getService('jwt').getToken(ctx);
if (id === undefined) {
throw new Error('Invalid token: Token did not contain required fields');
}
// fetch authenticated user
ctx.state.user = await getService('user').fetchAuthenticatedUser(id);
} catch (err) {
return handleErrors(ctx, err, 'unauthorized');
}
if (!ctx.state.user) {
return handleErrors(ctx, 'User Not Found', 'unauthorized');
}
role = ctx.state.user.role;
if (role.type === 'root') {
return await next();
}
const store = await strapi.store({
environment: '',
type: 'plugin',
name: 'users-permissions',
});
if (
_.get(await store.get({ key: 'advanced' }), 'email_confirmation') &&
!ctx.state.user.confirmed
) {
return handleErrors(ctx, 'Your account email is not confirmed.', 'unauthorized');
}
if (ctx.state.user.blocked) {
return handleErrors(
ctx,
'Your account has been blocked by the administrator.',
'unauthorized'
);
}
}
// Retrieve `public` role.
if (!role) {
role = await strapi
.query('plugin::users-permissions.role')
.findOne({ where: { type: 'public' } });
}
const route = ctx.request.route;
const permission = await strapi.query('plugin::users-permissions.permission').findOne({
where: {
role: { id: role.id },
type: route.plugin || 'application',
controller: route.controller,
action: route.action,
enabled: true,
},
});
if (!permission) {
return handleErrors(ctx, undefined, 'forbidden');
}
// Execute the policies.
if (permission.policy) {
return await strapi.plugin('users-permissions').policy(permission.policy)(ctx, next);
}
// Execute the action.
await next();
};
const handleErrors = (ctx, err = undefined, type) => {
throw strapi.errors[type](err);
};
Reference in New Issue View Git Blame Copy Permalink