mirror of
https://github.com/ZeppelinBot/Zeppelin.git
synced 2025-03-18 23:09:59 +00:00
93 lines
2.9 KiB
TypeScript
93 lines
2.9 KiB
TypeScript
export enum ApiPermissions {
|
|
Owner = "OWNER",
|
|
ManageAccess = "MANAGE_ACCESS",
|
|
EditConfig = "EDIT_CONFIG",
|
|
ReadConfig = "READ_CONFIG",
|
|
}
|
|
|
|
const reverseApiPermissions = Object.entries(ApiPermissions).reduce((map, [key, value]) => {
|
|
map[value] = key;
|
|
return map;
|
|
}, {});
|
|
|
|
export const permissionNames = {
|
|
[ApiPermissions.Owner]: "Server owner",
|
|
[ApiPermissions.ManageAccess]: "Manage dashboard access",
|
|
[ApiPermissions.EditConfig]: "Edit config",
|
|
[ApiPermissions.ReadConfig]: "Read config",
|
|
};
|
|
|
|
export type TPermissionHierarchy = Array<ApiPermissions | [ApiPermissions, TPermissionHierarchy]>;
|
|
|
|
export const permissionHierarchy: TPermissionHierarchy = [
|
|
[ApiPermissions.Owner, [[ApiPermissions.ManageAccess, [[ApiPermissions.EditConfig, [ApiPermissions.ReadConfig]]]]]],
|
|
];
|
|
|
|
export function permissionArrToSet(permissions: string[]): Set<ApiPermissions> {
|
|
return new Set(permissions.filter(p => reverseApiPermissions[p])) as Set<ApiPermissions>;
|
|
}
|
|
|
|
/**
|
|
* Checks whether granted permissions include the specified permission, taking into account permission hierarchy i.e.
|
|
* that in the case of nested permissions, having a top level permission implicitly grants you any permissions nested
|
|
* under it as well
|
|
*/
|
|
export function hasPermission(grantedPermissions: Set<ApiPermissions>, permissionToCheck: ApiPermissions): boolean {
|
|
// Directly granted
|
|
if (grantedPermissions.has(permissionToCheck)) {
|
|
return true;
|
|
}
|
|
|
|
// Check by hierarchy
|
|
if (checkTreeForPermission(permissionHierarchy, grantedPermissions, permissionToCheck)) {
|
|
return true;
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
function checkTreeForPermission(
|
|
tree: TPermissionHierarchy,
|
|
grantedPermissions: Set<ApiPermissions>,
|
|
permission: ApiPermissions,
|
|
): boolean {
|
|
for (const item of tree) {
|
|
const [perm, nested] = Array.isArray(item) ? item : [item];
|
|
|
|
// Top-level permission granted, implicitly grant all nested permissions as well
|
|
if (grantedPermissions.has(perm)) {
|
|
// Permission we were looking for was found nested under this permission -> granted
|
|
if (nested && treeIncludesPermission(nested, permission)) {
|
|
return true;
|
|
}
|
|
|
|
// Permission we were looking for was not found nested under this permission
|
|
// Since direct grants are not handled by this function, we can skip any further checks for this nested tree
|
|
continue;
|
|
}
|
|
|
|
// Top-level permission not granted, check further nested permissions
|
|
if (nested && checkTreeForPermission(nested, grantedPermissions, permission)) {
|
|
return true;
|
|
}
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
function treeIncludesPermission(tree: TPermissionHierarchy, permission: ApiPermissions): boolean {
|
|
for (const item of tree) {
|
|
const [perm, nested] = Array.isArray(item) ? item : [item];
|
|
|
|
if (perm === permission) {
|
|
return true;
|
|
}
|
|
|
|
const nestedResult = nested && treeIncludesPermission(nested, permission);
|
|
if (nestedResult) {
|
|
return true;
|
|
}
|
|
}
|
|
|
|
return false;
|
|
}
|