feat(lstv2 move): moved lstv2 into this app to keep them combined and easier to maintain
This commit is contained in:
@@ -0,0 +1,41 @@
|
||||
/*
|
||||
pass over a users uuid and return all modules they have permission too.
|
||||
in the login route we attach it to user under roles.
|
||||
*/
|
||||
|
||||
import { eq } from "drizzle-orm";
|
||||
import { db } from "../../../../../database/dbclient.js";
|
||||
import { userRoles } from "../../../../../database/schema/userRoles.js";
|
||||
|
||||
export const roleCheck = async (user_id: string | undefined) => {
|
||||
if (!user_id) {
|
||||
throw Error("Missing user_id");
|
||||
}
|
||||
let returnRoles: any = [];
|
||||
// get the user roles by the user_id
|
||||
returnRoles = await db
|
||||
.select({
|
||||
user_id: userRoles.user_id,
|
||||
role_id: userRoles.role_id,
|
||||
module_id: userRoles.module_id,
|
||||
role: userRoles.role,
|
||||
})
|
||||
.from(userRoles)
|
||||
.where(eq(userRoles.user_id, user_id));
|
||||
|
||||
if (returnRoles[0]?.role.includes("systemAdmin")) {
|
||||
const roles = await db
|
||||
.select({
|
||||
user_id: userRoles.user_id,
|
||||
role_id: userRoles.role_id,
|
||||
module_id: userRoles.module_id,
|
||||
role: userRoles.role,
|
||||
})
|
||||
.from(userRoles)
|
||||
.where(eq(userRoles.user_id, user_id));
|
||||
|
||||
return roles;
|
||||
}
|
||||
|
||||
return returnRoles;
|
||||
};
|
||||
@@ -0,0 +1,41 @@
|
||||
import {users} from "../../../../../database/schema/users.js";
|
||||
import {eq} from "drizzle-orm";
|
||||
import {db} from "../../../../../database/dbclient.js";
|
||||
import {userRoles} from "../../../../../database/schema/userRoles.js";
|
||||
import {modules} from "../../../../../database/schema/modules.js";
|
||||
import {roles} from "../../../../../database/schema/roles.js";
|
||||
import {createLog} from "../../../logger/logger.js";
|
||||
|
||||
export const setSysAdmin = async (user: any, roleName: any): Promise<void> => {
|
||||
// remove all userRoles to prevent errors
|
||||
try {
|
||||
const remove = await db.delete(userRoles).where(eq(userRoles.user_id, user[0].user_id));
|
||||
} catch (error) {
|
||||
console.log(error);
|
||||
}
|
||||
|
||||
// now we want to add the user to the system admin.
|
||||
const module = await db.select().from(modules);
|
||||
const role = await db.select().from(roles).where(eq(roles.name, roleName));
|
||||
|
||||
for (let i = 0; i < module.length; i++) {
|
||||
try {
|
||||
const userRole = await db.insert(userRoles).values({
|
||||
user_id: user[0].user_id,
|
||||
role_id: role[0].role_id,
|
||||
module_id: module[i].module_id,
|
||||
role: roleName,
|
||||
});
|
||||
createLog(
|
||||
"info",
|
||||
user[0].username,
|
||||
"auth",
|
||||
`${user[0].username} has been granted access to ${module[i].name} with the role ${roleName}`
|
||||
);
|
||||
} catch (error) {
|
||||
createLog("info", "lst", "auth", `Error settings user access: ${error}`);
|
||||
}
|
||||
}
|
||||
|
||||
return;
|
||||
};
|
||||
111
lstV2/server/services/auth/controllers/userRoles/setUserRoles.ts
Normal file
111
lstV2/server/services/auth/controllers/userRoles/setUserRoles.ts
Normal file
@@ -0,0 +1,111 @@
|
||||
/*
|
||||
pass over a users uuid and return all modules they have permission too.
|
||||
in the login route we attach it to user under roles.
|
||||
*/
|
||||
|
||||
import { and, eq } from "drizzle-orm";
|
||||
import { db } from "../../../../../database/dbclient.js";
|
||||
import { userRoles } from "../../../../../database/schema/userRoles.js";
|
||||
import { users } from "../../../../../database/schema/users.js";
|
||||
import { modules } from "../../../../../database/schema/modules.js";
|
||||
import { roles } from "../../../../../database/schema/roles.js";
|
||||
import { setSysAdmin } from "./setSysAdmin.js";
|
||||
|
||||
export const setUserAccess = async (
|
||||
username: string,
|
||||
moduleName: string,
|
||||
roleName: string,
|
||||
override?: string
|
||||
) => {
|
||||
// get the user roles by the user_id
|
||||
const user = await db
|
||||
.select()
|
||||
.from(users)
|
||||
.where(eq(users.username, username));
|
||||
const module = await db
|
||||
.select()
|
||||
.from(modules)
|
||||
.where(eq(modules.name, moduleName));
|
||||
|
||||
if (
|
||||
process.env.SECRETOVERRIDECODE != override &&
|
||||
roleName === "systemAdmin"
|
||||
) {
|
||||
return {
|
||||
success: false,
|
||||
message: "The override code provided is invalid.",
|
||||
};
|
||||
}
|
||||
|
||||
const role = await db.select().from(roles).where(eq(roles.name, roleName));
|
||||
|
||||
/**
|
||||
* For system admin we want to do a little more
|
||||
*/
|
||||
|
||||
if (roleName === "systemAdmin") {
|
||||
await setSysAdmin(user, roleName);
|
||||
return {
|
||||
success: true,
|
||||
message: `${username} has been granted access to ${moduleName} with the role ${roleName}`,
|
||||
};
|
||||
}
|
||||
//console.log(user, module, role);
|
||||
|
||||
// set the user
|
||||
try {
|
||||
const userRole = await db
|
||||
.insert(userRoles)
|
||||
.values({
|
||||
user_id: user[0].user_id,
|
||||
role_id: role[0].role_id,
|
||||
module_id: module[0].module_id,
|
||||
role: roleName,
|
||||
})
|
||||
.onConflictDoUpdate({
|
||||
target: userRoles.user_id,
|
||||
set: { role_id: role[0].role_id, role: roleName },
|
||||
});
|
||||
//.returning({user: users.username, email: users.email});
|
||||
|
||||
// return c.json({message: "User Registered", user}, 200);
|
||||
return {
|
||||
success: true,
|
||||
message: `${username} has been granted access to ${moduleName} with the role ${roleName}`,
|
||||
};
|
||||
} catch (error) {
|
||||
await changeRole(
|
||||
roleName,
|
||||
user[0].user_id,
|
||||
module[0].module_id,
|
||||
role[0].role_id
|
||||
);
|
||||
return {
|
||||
success: true,
|
||||
message: `${username} access on ${moduleName} has been changed to ${roleName}`,
|
||||
};
|
||||
}
|
||||
};
|
||||
|
||||
const changeRole = async (
|
||||
role: any,
|
||||
userID: any,
|
||||
moduleID: any,
|
||||
roleID: any
|
||||
) => {
|
||||
await db
|
||||
.delete(userRoles)
|
||||
.where(
|
||||
and(
|
||||
eq(userRoles.user_id, userID),
|
||||
eq(userRoles.module_id, moduleID)
|
||||
)
|
||||
);
|
||||
|
||||
const userRole = await db.insert(userRoles).values({
|
||||
user_id: userID,
|
||||
role_id: roleID,
|
||||
module_id: moduleID,
|
||||
role: role,
|
||||
});
|
||||
};
|
||||
Reference in New Issue
Block a user