2020-04-29 18:44:27 +03:00
|
|
|
const _ = require('lodash');
|
|
|
|
const Promise = require('bluebird');
|
|
|
|
const models = require('../../models');
|
2020-04-30 22:26:12 +03:00
|
|
|
const errors = require('@tryghost/errors');
|
2021-10-06 19:45:44 +03:00
|
|
|
const tpl = require('@tryghost/tpl');
|
|
|
|
|
|
|
|
const messages = {
|
|
|
|
userNotFound: 'User not found',
|
|
|
|
apiKeyNotFound: 'API Key not found'
|
|
|
|
};
|
2014-02-12 07:40:39 +04:00
|
|
|
|
2017-10-05 22:01:34 +03:00
|
|
|
module.exports = {
|
2014-02-12 07:40:39 +04:00
|
|
|
user: function (id) {
|
2020-05-05 21:37:53 +03:00
|
|
|
return models.User.findOne({id: id}, {withRelated: ['permissions', 'roles', 'roles.permissions']})
|
2014-02-12 07:40:39 +04:00
|
|
|
.then(function (foundUser) {
|
2020-04-29 18:44:27 +03:00
|
|
|
// CASE: {context: {user: id}} where the id is not in our database
|
2016-05-25 10:34:46 +03:00
|
|
|
if (!foundUser) {
|
2020-04-30 22:26:12 +03:00
|
|
|
return Promise.reject(new errors.NotFoundError({
|
2021-10-06 19:45:44 +03:00
|
|
|
message: tpl(messages.userNotFound)
|
2017-12-12 00:47:46 +03:00
|
|
|
}));
|
2016-05-25 10:34:46 +03:00
|
|
|
}
|
|
|
|
|
2020-05-05 21:37:53 +03:00
|
|
|
if (foundUser.get('status') !== 'active') {
|
|
|
|
return Promise.reject(new errors.UnauthorizedError());
|
|
|
|
}
|
|
|
|
|
2020-04-29 18:44:27 +03:00
|
|
|
const seenPerms = {};
|
|
|
|
|
|
|
|
const rolePerms = _.map(foundUser.related('roles').models, function (role) {
|
|
|
|
return role.related('permissions').models;
|
|
|
|
});
|
|
|
|
|
|
|
|
const allPerms = [];
|
|
|
|
const user = foundUser.toJSON();
|
2014-07-09 15:34:38 +04:00
|
|
|
|
2014-02-12 07:40:39 +04:00
|
|
|
rolePerms.push(foundUser.related('permissions').models);
|
|
|
|
|
|
|
|
_.each(rolePerms, function (rolePermGroup) {
|
|
|
|
_.each(rolePermGroup, function (perm) {
|
2020-04-29 18:44:27 +03:00
|
|
|
const key = perm.get('action_type') + '-' + perm.get('object_type') + '-' + perm.get('object_id');
|
2014-02-12 07:40:39 +04:00
|
|
|
|
|
|
|
// Only add perms once
|
|
|
|
if (seenPerms[key]) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
allPerms.push(perm);
|
|
|
|
seenPerms[key] = true;
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
2017-09-25 12:17:06 +03:00
|
|
|
// @TODO fix this!
|
|
|
|
// Permissions is an array of models
|
|
|
|
// Roles is a JSON array
|
2014-07-23 22:17:29 +04:00
|
|
|
return {permissions: allPerms, roles: user.roles};
|
2016-10-04 18:33:43 +03:00
|
|
|
});
|
2014-02-12 07:40:39 +04:00
|
|
|
},
|
|
|
|
|
2019-01-18 14:17:12 +03:00
|
|
|
apiKey(id) {
|
|
|
|
return models.ApiKey.findOne({id}, {withRelated: ['role', 'role.permissions']})
|
|
|
|
.then((foundApiKey) => {
|
|
|
|
if (!foundApiKey) {
|
2020-04-30 22:26:12 +03:00
|
|
|
throw new errors.NotFoundError({
|
2021-10-06 19:45:44 +03:00
|
|
|
message: tpl(messages.apiKeyNotFound)
|
2019-01-18 14:17:12 +03:00
|
|
|
});
|
|
|
|
}
|
|
|
|
|
|
|
|
// api keys have a belongs_to relationship to a role and no individual permissions
|
|
|
|
// so there's no need for permission deduplication
|
|
|
|
const permissions = foundApiKey.related('role').related('permissions').models;
|
|
|
|
const roles = [foundApiKey.toJSON().role];
|
|
|
|
|
|
|
|
return {permissions, roles};
|
|
|
|
});
|
2014-02-12 07:40:39 +04:00
|
|
|
}
|
|
|
|
};
|