mirror of
https://github.com/codeninjasllc/codecombat.git
synced 2024-11-28 01:55:38 -05:00
31 lines
1,021 B
CoffeeScript
31 lines
1,021 B
CoffeeScript
|
# Middleware for both authentication and authorization
|
||
|
|
|
||
|
|
errors = require '../commons/errors'
|
||
|
|
|
||
|
|
module.exports = {
|
||
|
|
checkDocumentPermissions: (req, res, next) ->
|
||
|
|
return next() if req.user?.isAdmin()
|
||
|
|
if not req.doc.hasPermissionsForMethod(req.user, req.method)
|
||
|
|
if req.user
|
||
|
|
return next new errors.Forbidden('You do not have permissions necessary.')
|
||
|
|
return next new errors.Unauthorized('You must be logged in.')
|
||
|
|
next()
|
||
|
|
|
||
|
|
checkLoggedIn: ->
|
||
|
|
return (req, res, next) ->
|
||
|
|
if not req.user
|
||
|
|
return next new errors.Unauthorized('You must be logged in.')
|
||
|
|
next()
|
||
|
|
|
||
|
|
checkHasPermission: (permissions) ->
|
||
|
|
if _.isString(permissions)
|
||
|
|
permissions = [permissions]
|
||
|
|
|
||
|
|
return (req, res, next) ->
|
||
|
|
if not req.user
|
||
|
|
return next new errors.Unauthorized('You must be logged in.')
|
||
|
|
if not _.size(_.intersection(req.user.get('permissions'), permissions))
|
||
|
|
return next new errors.Forbidden('You do not have permissions necessary.')
|
||
|
|
next()
|
||
|
|
|
||
|
|
}
|