"use strict";
 
// Code handed to res.error() / req.audit() by the middleware in this file whenever an
// access check fails (not logged in, or missing a required role).
const AUDIT_PERMISSION_ERROR = 'SESSION_PERMISSION_ERROR';
 
// Exported under the same name so code outside this file can refer to the same value.
module.exports.AUDIT_PERMISSION_ERROR = AUDIT_PERMISSION_ERROR;
 
/**
 * Express middleware that rejects requests without a logged-in user.
 *
 * The only test made is whether `req.user` is truthy; no role or permission is examined.
 * `req.user` and `res.error` are not defined in this file; presumably they are attached by
 * middleware mounted earlier in the chain, so this guard is only meaningful after that
 * middleware has run (confirm against the app's setup).
 *
 * @param {object} req Express request; `req.user` is read
 * @param {object} res Express response; `res.error` is called on rejection
 * @param {function} next called, and its result returned, when a user is present
 */
module.exports.LOGGEDIN = function (req, res, next)
{
  // Guard clause: reject first, so the success path is the fall-through.
  if (!req.user)
  {
    res.error('Must be logged in', AUDIT_PERMISSION_ERROR);
    return;
  }
  return next();
};
 
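/**
 * Express middleware generator: the returned middleware lets a request through only when
 * it has a logged-in user holding at least one of the given roles.
 *
 * A role counts only when it is an own property with a truthy value on BOTH `roles` and
 * `req.user.roles`. Inherited properties are ignored on purpose: a plain `{}` inherits
 * names such as `constructor` and `toString`, so a bare `roles[name]` lookup is truthy for
 * them, and anything added to `Object.prototype` elsewhere in the process would otherwise
 * count as a role on both sides of the comparison.
 *
 * @param {object} roles map of role name to truthy flag; any one matching role grants access
 * @return {ExpressMiddlewareFunction}
 */
module.exports.ROLE_ONE_OF = function (roles)
{
  const hasOwn = Object.prototype.hasOwnProperty;

  return function (req, res, next)
  {
    if (!req.user)
    {
      res.error('Must be logged in', AUDIT_PERMISSION_ERROR);
      return;
    }

    const userRoles = req.user.roles || {};

    // Object.keys() yields own enumerable keys only, unlike for...in, which also walks
    // enumerable properties inherited through the prototype chain.
    for (const role of Object.keys(userRoles))
    {
      if (userRoles[role] && hasOwn.call(roles, role) && roles[role])
      {
        return next();
      }
    }

    // Denied: record which roles were required and which the user actually holds.
    req.audit(AUDIT_PERMISSION_ERROR, 'MUST HAVE', JSON.stringify(roles), 'HAVE', JSON.stringify(req.user.roles || null));
    // NOTE(review): res.error is called without the audit code here, presumably because
    // req.audit has just logged the denial itself - confirm.
    res.error('Must have access');
  };
};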