imterah/hermes
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases 1 Packages Wiki Activity Actions

fix: Adds missing code from permission by token checks.

Browse source
This commit is contained in:
Tera << 8 2024-04-19 15:50:43 +00:00
parent a7fd48d732
commit 61ee91a955
1 changed files with 13 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

13
src/libs/permissions.ts
View file

@ -48,6 +48,7 @@ export async function hasPermission(permissionList: string[], uid: number, prism
export async function hasPermissionByToken(permissionList: string[], token: string, tokens: Record<number, SessionToken[]>, prisma: PrismaClient): Promise<boolean> { export async function hasPermissionByToken(permissionList: string[], token: string, tokens: Record<number, SessionToken[]>, prisma: PrismaClient): Promise<boolean> {
let userID = -1; let userID = -1;
// Look up in our currently authenticated users
for (const otherTokenKey of Object.keys(tokens)) { for (const otherTokenKey of Object.keys(tokens)) {
const otherTokenList = tokens[parseInt(otherTokenKey)]; const otherTokenList = tokens[parseInt(otherTokenKey)];
@ -66,8 +67,18 @@ export async function hasPermissionByToken(permissionList: string[], token: stri
} }
// Fine, we'll look up for global tokens... // Fine, we'll look up for global tokens...
// FIXME: Could this be more efficient? IDs are sequential in SQL I think
if (userID == -1) {
const allUsers = await prisma.user.findMany();
for (const user of allUsers) {
if (user.rootToken == token) userID = user.id;
};
}
// If we are STILL -1, we give up.
if (userID == -1) return false; if (userID == -1) return false;
return true; // Now we can test permissions!
return await hasPermission(permissionList, userID, prisma);
} }