2018-12-19 14:50:01 +01:00
|
|
|
'use strict';
|
|
|
|
|
|
|
|
const MissingPermission = require('../missing-permission');
|
|
|
|
const { ADMIN } = require('../permissions');
|
|
|
|
|
|
|
|
module.exports = function(config, permission) {
|
|
|
|
if (!permission || !config.extendedPermissions) {
|
|
|
|
return (req, res, next) => next();
|
|
|
|
}
|
|
|
|
return (req, res, next) => {
|
|
|
|
if (
|
|
|
|
req.user &&
|
|
|
|
req.user.permissions &&
|
|
|
|
(req.user.permissions.indexOf(ADMIN) !== -1 ||
|
|
|
|
req.user.permissions.indexOf(permission) !== -1)
|
|
|
|
) {
|
|
|
|
return next();
|
|
|
|
}
|
|
|
|
return res
|
|
|
|
.status(403)
|
|
|
|
.json(
|
|
|
|
new MissingPermission({
|
|
|
|
permission,
|
|
|
|
message: `You require ${permission} to perform this action`,
|
2020-04-14 22:29:11 +02:00
|
|
|
}),
|
2018-12-19 14:50:01 +01:00
|
|
|
)
|
|
|
|
.end();
|
|
|
|
};
|
|
|
|
};
|