From 77e595c85b16a5402a9da77d9b51dbb4872725a0 Mon Sep 17 00:00:00 2001
From: Kworz
Date: Wed, 8 May 2024 14:56:02 +0200
Subject: [PATCH] moved validateRoute to server $lib

---
 src/hooks.server.ts | 2 +-
 src/lib/permission.ts | 84 +-----------------------------------
 src/lib/server/permission.ts | 84 ++++++++++++++++++++++++++++++++++++
 3 files changed, 86 insertions(+), 84 deletions(-)
 create mode 100644 src/lib/server/permission.ts

diff --git a/src/hooks.server.ts b/src/hooks.server.ts
index 0e36818..88c7fba 100644
--- a/src/hooks.server.ts
+++ b/src/hooks.server.ts
@@ -5,7 +5,7 @@ import { getSettings, getUserSettings } from '$lib/server/settings';
 import { getS3Client } from '$lib/server/s3';
 import { locale } from 'svelte-i18n';
 import { isEnvironementValid } from '$lib/server/environment';
-import { validateRoute } from '$lib/permission';
+import { validateRoute } from '$lib/server/permission';
 
 export const handle = (async ({ event, resolve }) => {
 
diff --git a/src/lib/permission.ts b/src/lib/permission.ts
index b34c625..a2107cd 100644
--- a/src/lib/permission.ts
+++ b/src/lib/permission.ts
@@ -26,86 +26,4 @@ export const validatePermission = (user: userWithIncludes | null, path: GroupPer
 console.error("Users group does not have enough permission to access this ressource");
 return false;
-}
-
-/**
- * Gets if user can access specified route
- * @param routeId route you want to validate
- * @param user with its given group
- * @returns can user access the specified route
- */
-export const validateRoute = (routeId: string, user: userWithIncludes | null): boolean => {
-
- // Theses routes are always enabled for any user
- const alwaysAccessibleRoutes = ["/", "/app/(base)", "/app/(base)/me", "/api/file/[...filePath]"];
- if(alwaysAccessibleRoutes.includes(routeId)) return true;
-
- if(routeId === "/app/(settings)/settings/mink") return user?.group?.admin || false;
-
- /** @todo Complete this list as each route is created */
- const associatedPermissionForRoute = {
-
- /// SCM Permission zone
- "/app/(scm)/scm": "scm",
-
- "/app/(scm)/scm/articles": "article",
- "/app/(scm)/scm/articles/print": "article",
- "/app/(scm)/scm/articles/export": "article",
- "/app/(scm)/scm/articles/import": "article",
- "/app/(scm)/scm/articles/[id]": "article",
-
- "/app/(scm)/scm/assemblies": "assembly",
- "/app/(scm)/scm/assemblies/[id]": "assembly",
-
- "/app/(scm)/scm/inbound_supplies": "inbound_supply",
- "/app/(scm)/scm/lists": "buylist",
- "/app/(scm)/scm/suppliers": "supplier",
-
- /// PROJECTS Permission zone
- "/app/(pm)/pm": "pm",
-
- "/app/(pm)/pm/projects": "project",
- "/app/(pm)/pm/projects/[id]": "project",
-
- "/app/(pm)/pm/manufacturing_orders": "manufacturing_order",
- "/app/(pm)/pm/manufacturing_orders/[id]": "manufacturing_order",
-
- /// CRM Permission zone
- "/app/(crm)/crm": "crm",
-
- /// ACCOUNTING Permission zone
- "/app/(accounting)/accounting": "accounting",
- "/app/(accounting)/accounting/orders": "order",
- "/app/(accounting)/accounting/orders/[id]": "order",
-
- "/app/(accounting)/accounting/invoices": "invoice",
- "/app/(accounting)/accounting/invoices/[id]": "invoice",
-
- "/app/(accounting)/accounting/transactions": "transaction",
- "/app/(accounting)/accounting/transactions/[id]": "transaction",
-
- /// SETTINGS Permission zone
- "/app/(settings)/settings": "settings",
- "/app/(settings)/settings/users": "user",
- "/app/(settings)/settings/users/[id]": "user",
- "/app/(settings)/settings/users_groups": "user_group",
- "/app/(settings)/settings/users_groups/[id]": "user_group",
-
- /// TOOLS Permission zone
- "/app/(tools)/tools": "tools",
- "/app/(tools)/tools/qr_scanner": "qr_code_scanner",
-
- } satisfies Record;
-
- const route = Object.keys(associatedPermissionForRoute).find(apfr => routeId === apfr) as keyof typeof associatedPermissionForRoute | undefined;
-
- if(route === undefined) { throw new Error(`No permission associated with route ${routeId}`); }
-
- // @ts-ignore
- const validation = validatePermission(user, associatedPermissionForRoute[route], "r");
-
- if(!validation) console.error(`User's group ${user?.group?.name || "—"} does not have enough permission to access ${routeId}`);
-
- return validation;
-
-}
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/src/lib/server/permission.ts b/src/lib/server/permission.ts
new file mode 100644
index 0000000..9dee49f
--- /dev/null
+++ b/src/lib/server/permission.ts
@@ -0,0 +1,84 @@
+import type { userWithIncludes } from "$lib/components/derived/user/user";
+import type { GroupPermissions } from "$lib/permission";
+
+/**
+ * Gets if user can access specified route
+ * @param routeId route you want to validate
+ * @param user with its given group
+ * @returns can user access the specified route
+ */
+export const validateRoute = (routeId: string, user: userWithIncludes | null): boolean => {
+
+ // Theses routes are always enabled for any user
+ const alwaysAccessibleRoutes = ["/", "/app/(base)", "/app/(base)/me", "/api/file/[...filePath]"];
+ if(alwaysAccessibleRoutes.includes(routeId)) return true;
+
+ if(routeId === "/app/(settings)/settings/mink") return user?.group?.admin || false;
+
+ /** @todo Complete this list as each route is created */
+ const associatedPermissionForRoute = {
+
+ /// SCM Permission zone
+ "/app/(scm)/scm": "scm",
+
+ "/app/(scm)/scm/articles": "article",
+ "/app/(scm)/scm/articles/print": "article",
+ "/app/(scm)/scm/articles/export": "article",
+ "/app/(scm)/scm/articles/import": "article",
+ "/app/(scm)/scm/articles/[id]": "article",
+
+ "/app/(scm)/scm/assemblies": "assembly",
+ "/app/(scm)/scm/assemblies/[id]": "assembly",
+
+ "/app/(scm)/scm/inbound_supplies": "inbound_supply",
+ "/app/(scm)/scm/lists": "buylist",
+ "/app/(scm)/scm/suppliers": "supplier",
+
+ /// PROJECTS Permission zone
+ "/app/(pm)/pm": "pm",
+
+ "/app/(pm)/pm/projects": "project",
+ "/app/(pm)/pm/projects/[id]": "project",
+
+ "/app/(pm)/pm/manufacturing_orders": "manufacturing_order",
+ "/app/(pm)/pm/manufacturing_orders/[id]": "manufacturing_order",
+
+ /// CRM Permission zone
+ "/app/(crm)/crm": "crm",
+
+ /// ACCOUNTING Permission zone
+ "/app/(accounting)/accounting": "accounting",
+ "/app/(accounting)/accounting/orders": "order",
+ "/app/(accounting)/accounting/orders/[id]": "order",
+
+ "/app/(accounting)/accounting/invoices": "invoice",
+ "/app/(accounting)/accounting/invoices/[id]": "invoice",
+
+ "/app/(accounting)/accounting/transactions": "transaction",
+ "/app/(accounting)/accounting/transactions/[id]": "transaction",
+
+ /// SETTINGS Permission zone
+ "/app/(settings)/settings": "settings",
+ "/app/(settings)/settings/users": "user",
+ "/app/(settings)/settings/users/[id]": "user",
+ "/app/(settings)/settings/users_groups": "user_group",
+ "/app/(settings)/settings/users_groups/[id]": "user_group",
+
+ /// TOOLS Permission zone
+ "/app/(tools)/tools": "tools",
+ "/app/(tools)/tools/qr_scanner": "qr_code_scanner",
+
+ } satisfies Record;
+
+ const route = Object.keys(associatedPermissionForRoute).find(apfr => routeId === apfr) as keyof typeof associatedPermissionForRoute | undefined;
+
+ if(route === undefined) { throw new Error(`No permission associated with route ${routeId}`); }
+
+ // @ts-ignore
+ const validation = validatePermission(user, associatedPermissionForRoute[route], "r");
+
+ if(!validation) console.error(`User's group ${user?.group?.name || "—"} does not have enough permission to access ${routeId}`);
+
+ return validation;
+
+}
\ No newline at end of file
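Review bot: `validatePermission` is called on the new file's `const validation = validatePermission(user, associatedPermissionForRoute[route], "r");` line but is never imported — the only thing taken from `$lib/permission` is `GroupPermissions`, and as a type-only import, whereas in the old location the helper lived in the same file. Because that call sits directly under `// @ts-ignore`, the compiler will swallow the resulting "Cannot find name" error too, so this most likely surfaces as a ReferenceError thrown from the server hook at request time (failing closed with a 500 on every guarded route) instead of at build time. Change the import to `import { validatePermission, type GroupPermissions } from "$lib/permission";` and replace `// @ts-ignore` with `// @ts-expect-error` plus a one-line reason, so the suppression itself fails the build once the underlying type mismatch is fixed rather than hiding unrelated errors. Separately, `"/api/file/[...filePath]"` in `alwaysAccessibleRoutes` returns `true` even when `user` is `null`, so if that endpoint serves uploaded files the route handler must authenticate and authorise the caller itself; worth a comment such as `// NOTE: no auth performed here for /api/file — the handler must check the caller itself` so the next maintainer does not assume this guard covers it.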