refactor: rename "Permissions" enum to "RequiredPermission"

Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
Tilman Vatteroth 2023-05-19 13:55:12 +02:00
parent 6b73016583
commit 488238d854
10 changed files with 73 additions and 68 deletions


@ -23,10 +23,10 @@ import { MediaUploadDto } from '../../../media/media-upload.dto';
import { MediaService } from '../../../media/media.service'; import { MediaService } from '../../../media/media.service';
import { MulterFile } from '../../../media/multer-file.interface'; import { MulterFile } from '../../../media/multer-file.interface';
import { Note } from '../../../notes/note.entity'; import { Note } from '../../../notes/note.entity';
import { Permission } from '../../../permissions/permissions.enum';
import { PermissionsGuard } from '../../../permissions/permissions.guard'; import { PermissionsGuard } from '../../../permissions/permissions.guard';
import { PermissionsService } from '../../../permissions/permissions.service'; import { PermissionsService } from '../../../permissions/permissions.service';
import { RequirePermission } from '../../../permissions/require-permission.decorator'; import { RequirePermission } from '../../../permissions/require-permission.decorator';
import { RequiredPermission } from '../../../permissions/required-permission.enum';
import { User } from '../../../users/user.entity'; import { User } from '../../../users/user.entity';
import { NoteHeaderInterceptor } from '../../utils/note-header.interceptor'; import { NoteHeaderInterceptor } from '../../utils/note-header.interceptor';
import { OpenApi } from '../../utils/openapi.decorator'; import { OpenApi } from '../../utils/openapi.decorator';
@ -66,7 +66,7 @@ export class MediaController {
@UseGuards(PermissionsGuard) @UseGuards(PermissionsGuard)
@UseInterceptors(FileInterceptor('file')) @UseInterceptors(FileInterceptor('file'))
@UseInterceptors(NoteHeaderInterceptor) @UseInterceptors(NoteHeaderInterceptor)
@RequirePermission(Permission.WRITE) @RequirePermission(RequiredPermission.WRITE)
@OpenApi( @OpenApi(
{ {
code: 201, code: 201,


@ -30,10 +30,10 @@ import { NoteDto } from '../../../notes/note.dto';
import { Note } from '../../../notes/note.entity'; import { Note } from '../../../notes/note.entity';
import { NoteMediaDeletionDto } from '../../../notes/note.media-deletion.dto'; import { NoteMediaDeletionDto } from '../../../notes/note.media-deletion.dto';
import { NotesService } from '../../../notes/notes.service'; import { NotesService } from '../../../notes/notes.service';
import { Permission } from '../../../permissions/permissions.enum';
import { PermissionsGuard } from '../../../permissions/permissions.guard'; import { PermissionsGuard } from '../../../permissions/permissions.guard';
import { PermissionsService } from '../../../permissions/permissions.service'; import { PermissionsService } from '../../../permissions/permissions.service';
import { RequirePermission } from '../../../permissions/require-permission.decorator'; import { RequirePermission } from '../../../permissions/require-permission.decorator';
import { RequiredPermission } from '../../../permissions/required-permission.enum';
import { RevisionMetadataDto } from '../../../revisions/revision-metadata.dto'; import { RevisionMetadataDto } from '../../../revisions/revision-metadata.dto';
import { RevisionDto } from '../../../revisions/revision.dto'; import { RevisionDto } from '../../../revisions/revision.dto';
import { RevisionsService } from '../../../revisions/revisions.service'; import { RevisionsService } from '../../../revisions/revisions.service';
@ -65,7 +65,7 @@ export class NotesController {
@Get(':noteIdOrAlias') @Get(':noteIdOrAlias')
@OpenApi(200) @OpenApi(200)
@RequirePermission(Permission.READ) @RequirePermission(RequiredPermission.READ)
@UseInterceptors(GetNoteInterceptor) @UseInterceptors(GetNoteInterceptor)
async getNote( async getNote(
@RequestUser({ guestsAllowed: true }) user: User | null, @RequestUser({ guestsAllowed: true }) user: User | null,
@ -77,7 +77,7 @@ export class NotesController {
@Get(':noteIdOrAlias/media') @Get(':noteIdOrAlias/media')
@OpenApi(200) @OpenApi(200)
@RequirePermission(Permission.READ) @RequirePermission(RequiredPermission.READ)
@UseInterceptors(GetNoteInterceptor) @UseInterceptors(GetNoteInterceptor)
async getNotesMedia(@RequestNote() note: Note): Promise<MediaUploadDto[]> { async getNotesMedia(@RequestNote() note: Note): Promise<MediaUploadDto[]> {
const media = await this.mediaService.listUploadsByNote(note); const media = await this.mediaService.listUploadsByNote(note);
@ -88,7 +88,7 @@ export class NotesController {
@Post() @Post()
@OpenApi(201, 413) @OpenApi(201, 413)
@RequirePermission(Permission.CREATE) @RequirePermission(RequiredPermission.CREATE)
async createNote( async createNote(
@RequestUser({ guestsAllowed: true }) user: User | null, @RequestUser({ guestsAllowed: true }) user: User | null,
@MarkdownBody() text: string, @MarkdownBody() text: string,
@ -101,7 +101,7 @@ export class NotesController {
@Post(':noteAlias') @Post(':noteAlias')
@OpenApi(201, 400, 404, 409, 413) @OpenApi(201, 400, 404, 409, 413)
@RequirePermission(Permission.CREATE) @RequirePermission(RequiredPermission.CREATE)
async createNamedNote( async createNamedNote(
@RequestUser({ guestsAllowed: true }) user: User | null, @RequestUser({ guestsAllowed: true }) user: User | null,
@Param('noteAlias') noteAlias: string, @Param('noteAlias') noteAlias: string,
@ -115,7 +115,7 @@ export class NotesController {
@Delete(':noteIdOrAlias') @Delete(':noteIdOrAlias')
@OpenApi(204, 404, 500) @OpenApi(204, 404, 500)
@RequirePermission(Permission.OWNER) @RequirePermission(RequiredPermission.OWNER)
@UseInterceptors(GetNoteInterceptor) @UseInterceptors(GetNoteInterceptor)
async deleteNote( async deleteNote(
@RequestUser() user: User, @RequestUser() user: User,
@ -137,7 +137,7 @@ export class NotesController {
} }
@UseInterceptors(GetNoteInterceptor) @UseInterceptors(GetNoteInterceptor)
@RequirePermission(Permission.READ) @RequirePermission(RequiredPermission.READ)
@Get(':noteIdOrAlias/metadata') @Get(':noteIdOrAlias/metadata')
async getNoteMetadata( async getNoteMetadata(
@RequestUser({ guestsAllowed: true }) user: User | null, @RequestUser({ guestsAllowed: true }) user: User | null,
@ -148,7 +148,7 @@ export class NotesController {
@Get(':noteIdOrAlias/revisions') @Get(':noteIdOrAlias/revisions')
@OpenApi(200, 404) @OpenApi(200, 404)
@RequirePermission(Permission.READ) @RequirePermission(RequiredPermission.READ)
@UseInterceptors(GetNoteInterceptor) @UseInterceptors(GetNoteInterceptor)
async getNoteRevisions( async getNoteRevisions(
@RequestUser({ guestsAllowed: true }) user: User | null, @RequestUser({ guestsAllowed: true }) user: User | null,
@ -164,7 +164,7 @@ export class NotesController {
@Delete(':noteIdOrAlias/revisions') @Delete(':noteIdOrAlias/revisions')
@OpenApi(204, 404) @OpenApi(204, 404)
@RequirePermission(Permission.OWNER) @RequirePermission(RequiredPermission.OWNER)
@UseInterceptors(GetNoteInterceptor) @UseInterceptors(GetNoteInterceptor)
async purgeNoteRevisions( async purgeNoteRevisions(
@RequestUser() user: User, @RequestUser() user: User,
@ -184,7 +184,7 @@ export class NotesController {
@Get(':noteIdOrAlias/revisions/:revisionId') @Get(':noteIdOrAlias/revisions/:revisionId')
@OpenApi(200, 404) @OpenApi(200, 404)
@RequirePermission(Permission.READ) @RequirePermission(RequiredPermission.READ)
@UseInterceptors(GetNoteInterceptor) @UseInterceptors(GetNoteInterceptor)
async getNoteRevision( async getNoteRevision(
@RequestUser({ guestsAllowed: true }) user: User | null, @RequestUser({ guestsAllowed: true }) user: User | null,
@ -199,7 +199,7 @@ export class NotesController {
@Put(':noteIdOrAlias/metadata/permissions/users/:userName') @Put(':noteIdOrAlias/metadata/permissions/users/:userName')
@OpenApi(200, 403, 404) @OpenApi(200, 403, 404)
@UseInterceptors(GetNoteInterceptor) @UseInterceptors(GetNoteInterceptor)
@RequirePermission(Permission.OWNER) @RequirePermission(RequiredPermission.OWNER)
async setUserPermission( async setUserPermission(
@RequestUser() user: User, @RequestUser() user: User,
@RequestNote() note: Note, @RequestNote() note: Note,
@ -216,7 +216,7 @@ export class NotesController {
} }
@UseInterceptors(GetNoteInterceptor) @UseInterceptors(GetNoteInterceptor)
@RequirePermission(Permission.OWNER) @RequirePermission(RequiredPermission.OWNER)
@Delete(':noteIdOrAlias/metadata/permissions/users/:userName') @Delete(':noteIdOrAlias/metadata/permissions/users/:userName')
async removeUserPermission( async removeUserPermission(
@RequestUser() user: User, @RequestUser() user: User,
@ -241,7 +241,7 @@ export class NotesController {
} }
@UseInterceptors(GetNoteInterceptor) @UseInterceptors(GetNoteInterceptor)
@RequirePermission(Permission.OWNER) @RequirePermission(RequiredPermission.OWNER)
@Put(':noteIdOrAlias/metadata/permissions/groups/:groupName') @Put(':noteIdOrAlias/metadata/permissions/groups/:groupName')
async setGroupPermission( async setGroupPermission(
@RequestUser() user: User, @RequestUser() user: User,
@ -259,7 +259,7 @@ export class NotesController {
} }
@UseInterceptors(GetNoteInterceptor) @UseInterceptors(GetNoteInterceptor)
@RequirePermission(Permission.OWNER) @RequirePermission(RequiredPermission.OWNER)
@UseGuards(PermissionsGuard) @UseGuards(PermissionsGuard)
@Delete(':noteIdOrAlias/metadata/permissions/groups/:groupName') @Delete(':noteIdOrAlias/metadata/permissions/groups/:groupName')
async removeGroupPermission( async removeGroupPermission(
@ -276,7 +276,7 @@ export class NotesController {
} }
@UseInterceptors(GetNoteInterceptor) @UseInterceptors(GetNoteInterceptor)
@RequirePermission(Permission.OWNER) @RequirePermission(RequiredPermission.OWNER)
@Put(':noteIdOrAlias/metadata/permissions/owner') @Put(':noteIdOrAlias/metadata/permissions/owner')
async changeOwner( async changeOwner(
@RequestUser() user: User, @RequestUser() user: User,
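Review bot: `removeGroupPermission` is the only handler in this controller whose visible decorator list includes a method-level `@UseGuards(PermissionsGuard)`; siblings with the same requirement, such as `removeUserPermission`, `setGroupPermission` and `changeOwner`, show `@RequirePermission(RequiredPermission.OWNER)` without it. `RequirePermission` only stores metadata through `SetMetadata('permissions', permissions)`, so the requirement is enforced only where the guard actually runs. The guard is presumably applied at class level, which lies outside these hunks; if so the method-level decorator is redundant and can be dropped, and if not the other handlers need `@UseGuards(PermissionsGuard)` as well. Either way the class should be made consistent so a reader can tell from the controller alone that every `@RequirePermission` is enforced.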


@ -29,10 +29,10 @@ import { MediaUploadDto } from '../../../media/media-upload.dto';
import { MediaService } from '../../../media/media.service'; import { MediaService } from '../../../media/media.service';
import { MulterFile } from '../../../media/multer-file.interface'; import { MulterFile } from '../../../media/multer-file.interface';
import { Note } from '../../../notes/note.entity'; import { Note } from '../../../notes/note.entity';
import { Permission } from '../../../permissions/permissions.enum';
import { PermissionsGuard } from '../../../permissions/permissions.guard'; import { PermissionsGuard } from '../../../permissions/permissions.guard';
import { PermissionsService } from '../../../permissions/permissions.service'; import { PermissionsService } from '../../../permissions/permissions.service';
import { RequirePermission } from '../../../permissions/require-permission.decorator'; import { RequirePermission } from '../../../permissions/require-permission.decorator';
import { RequiredPermission } from '../../../permissions/required-permission.enum';
import { User } from '../../../users/user.entity'; import { User } from '../../../users/user.entity';
import { NoteHeaderInterceptor } from '../../utils/note-header.interceptor'; import { NoteHeaderInterceptor } from '../../utils/note-header.interceptor';
import { OpenApi } from '../../utils/openapi.decorator'; import { OpenApi } from '../../utils/openapi.decorator';
@ -84,7 +84,7 @@ export class MediaController {
@UseGuards(PermissionsGuard) @UseGuards(PermissionsGuard)
@UseInterceptors(FileInterceptor('file')) @UseInterceptors(FileInterceptor('file'))
@UseInterceptors(NoteHeaderInterceptor) @UseInterceptors(NoteHeaderInterceptor)
@RequirePermission(Permission.WRITE) @RequirePermission(RequiredPermission.WRITE)
async uploadMedia( async uploadMedia(
@RequestUser() user: User, @RequestUser() user: User,
@UploadedFile() file: MulterFile, @UploadedFile() file: MulterFile,


@ -33,10 +33,10 @@ import { NoteDto } from '../../../notes/note.dto';
import { Note } from '../../../notes/note.entity'; import { Note } from '../../../notes/note.entity';
import { NoteMediaDeletionDto } from '../../../notes/note.media-deletion.dto'; import { NoteMediaDeletionDto } from '../../../notes/note.media-deletion.dto';
import { NotesService } from '../../../notes/notes.service'; import { NotesService } from '../../../notes/notes.service';
import { Permission } from '../../../permissions/permissions.enum';
import { PermissionsGuard } from '../../../permissions/permissions.guard'; import { PermissionsGuard } from '../../../permissions/permissions.guard';
import { PermissionsService } from '../../../permissions/permissions.service'; import { PermissionsService } from '../../../permissions/permissions.service';
import { RequirePermission } from '../../../permissions/require-permission.decorator'; import { RequirePermission } from '../../../permissions/require-permission.decorator';
import { RequiredPermission } from '../../../permissions/required-permission.enum';
import { RevisionMetadataDto } from '../../../revisions/revision-metadata.dto'; import { RevisionMetadataDto } from '../../../revisions/revision-metadata.dto';
import { RevisionDto } from '../../../revisions/revision.dto'; import { RevisionDto } from '../../../revisions/revision.dto';
import { RevisionsService } from '../../../revisions/revisions.service'; import { RevisionsService } from '../../../revisions/revisions.service';
@ -67,7 +67,7 @@ export class NotesController {
this.logger.setContext(NotesController.name); this.logger.setContext(NotesController.name);
} }
@RequirePermission(Permission.CREATE) @RequirePermission(RequiredPermission.CREATE)
@Post() @Post()
@OpenApi(201, 403, 409, 413) @OpenApi(201, 403, 409, 413)
async createNote( async createNote(
@ -81,7 +81,7 @@ export class NotesController {
} }
@UseInterceptors(GetNoteInterceptor) @UseInterceptors(GetNoteInterceptor)
@RequirePermission(Permission.READ) @RequirePermission(RequiredPermission.READ)
@Get(':noteIdOrAlias') @Get(':noteIdOrAlias')
@OpenApi( @OpenApi(
{ {
@ -100,7 +100,7 @@ export class NotesController {
return await this.noteService.toNoteDto(note); return await this.noteService.toNoteDto(note);
} }
@RequirePermission(Permission.CREATE) @RequirePermission(RequiredPermission.CREATE)
@Post(':noteAlias') @Post(':noteAlias')
@OpenApi( @OpenApi(
{ {
@ -125,7 +125,7 @@ export class NotesController {
} }
@UseInterceptors(GetNoteInterceptor) @UseInterceptors(GetNoteInterceptor)
@RequirePermission(Permission.OWNER) @RequirePermission(RequiredPermission.OWNER)
@Delete(':noteIdOrAlias') @Delete(':noteIdOrAlias')
@OpenApi(204, 403, 404, 500) @OpenApi(204, 403, 404, 500)
async deleteNote( async deleteNote(
@ -148,7 +148,7 @@ export class NotesController {
} }
@UseInterceptors(GetNoteInterceptor) @UseInterceptors(GetNoteInterceptor)
@RequirePermission(Permission.WRITE) @RequirePermission(RequiredPermission.WRITE)
@Put(':noteIdOrAlias') @Put(':noteIdOrAlias')
@OpenApi( @OpenApi(
{ {
@ -171,7 +171,7 @@ export class NotesController {
} }
@UseInterceptors(GetNoteInterceptor) @UseInterceptors(GetNoteInterceptor)
@RequirePermission(Permission.READ) @RequirePermission(RequiredPermission.READ)
@Get(':noteIdOrAlias/content') @Get(':noteIdOrAlias/content')
@OpenApi( @OpenApi(
{ {
@ -190,7 +190,7 @@ export class NotesController {
} }
@UseInterceptors(GetNoteInterceptor) @UseInterceptors(GetNoteInterceptor)
@RequirePermission(Permission.READ) @RequirePermission(RequiredPermission.READ)
@Get(':noteIdOrAlias/metadata') @Get(':noteIdOrAlias/metadata')
@OpenApi( @OpenApi(
{ {
@ -209,7 +209,7 @@ export class NotesController {
} }
@UseInterceptors(GetNoteInterceptor) @UseInterceptors(GetNoteInterceptor)
@RequirePermission(Permission.OWNER) @RequirePermission(RequiredPermission.OWNER)
@Put(':noteIdOrAlias/metadata/permissions') @Put(':noteIdOrAlias/metadata/permissions')
@OpenApi( @OpenApi(
{ {
@ -231,7 +231,7 @@ export class NotesController {
} }
@UseInterceptors(GetNoteInterceptor) @UseInterceptors(GetNoteInterceptor)
@RequirePermission(Permission.READ) @RequirePermission(RequiredPermission.READ)
@Get(':noteIdOrAlias/metadata/permissions') @Get(':noteIdOrAlias/metadata/permissions')
@OpenApi( @OpenApi(
{ {
@ -250,7 +250,7 @@ export class NotesController {
} }
@UseInterceptors(GetNoteInterceptor) @UseInterceptors(GetNoteInterceptor)
@RequirePermission(Permission.OWNER) @RequirePermission(RequiredPermission.OWNER)
@Put(':noteIdOrAlias/metadata/permissions/users/:userName') @Put(':noteIdOrAlias/metadata/permissions/users/:userName')
@OpenApi( @OpenApi(
{ {
@ -277,7 +277,7 @@ export class NotesController {
} }
@UseInterceptors(GetNoteInterceptor) @UseInterceptors(GetNoteInterceptor)
@RequirePermission(Permission.OWNER) @RequirePermission(RequiredPermission.OWNER)
@Delete(':noteIdOrAlias/metadata/permissions/users/:userName') @Delete(':noteIdOrAlias/metadata/permissions/users/:userName')
@OpenApi( @OpenApi(
{ {
@ -311,7 +311,7 @@ export class NotesController {
} }
@UseInterceptors(GetNoteInterceptor) @UseInterceptors(GetNoteInterceptor)
@RequirePermission(Permission.OWNER) @RequirePermission(RequiredPermission.OWNER)
@Put(':noteIdOrAlias/metadata/permissions/groups/:groupName') @Put(':noteIdOrAlias/metadata/permissions/groups/:groupName')
@OpenApi( @OpenApi(
{ {
@ -338,7 +338,7 @@ export class NotesController {
} }
@UseInterceptors(GetNoteInterceptor) @UseInterceptors(GetNoteInterceptor)
@RequirePermission(Permission.OWNER) @RequirePermission(RequiredPermission.OWNER)
@Delete(':noteIdOrAlias/metadata/permissions/groups/:groupName') @Delete(':noteIdOrAlias/metadata/permissions/groups/:groupName')
@OpenApi( @OpenApi(
{ {
@ -363,7 +363,7 @@ export class NotesController {
} }
@UseInterceptors(GetNoteInterceptor) @UseInterceptors(GetNoteInterceptor)
@RequirePermission(Permission.OWNER) @RequirePermission(RequiredPermission.OWNER)
@Put(':noteIdOrAlias/metadata/permissions/owner') @Put(':noteIdOrAlias/metadata/permissions/owner')
@OpenApi( @OpenApi(
{ {
@ -386,7 +386,7 @@ export class NotesController {
} }
@UseInterceptors(GetNoteInterceptor) @UseInterceptors(GetNoteInterceptor)
@RequirePermission(Permission.READ) @RequirePermission(RequiredPermission.READ)
@Get(':noteIdOrAlias/revisions') @Get(':noteIdOrAlias/revisions')
@OpenApi( @OpenApi(
{ {
@ -411,7 +411,7 @@ export class NotesController {
} }
@UseInterceptors(GetNoteInterceptor) @UseInterceptors(GetNoteInterceptor)
@RequirePermission(Permission.READ) @RequirePermission(RequiredPermission.READ)
@Get(':noteIdOrAlias/revisions/:revisionId') @Get(':noteIdOrAlias/revisions/:revisionId')
@OpenApi( @OpenApi(
{ {
@ -433,7 +433,7 @@ export class NotesController {
} }
@UseInterceptors(GetNoteInterceptor) @UseInterceptors(GetNoteInterceptor)
@RequirePermission(Permission.READ) @RequirePermission(RequiredPermission.READ)
@Get(':noteIdOrAlias/media') @Get(':noteIdOrAlias/media')
@OpenApi({ @OpenApi({
code: 200, code: 200,


@ -1,15 +0,0 @@
/*
* SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file)
*
* SPDX-License-Identifier: AGPL-3.0-only
*/
/**
* Represents the Permissions a user may hold in a request
*/
export enum Permission {
READ = 'read',
WRITE = 'write',
CREATE = 'create',
OWNER = 'owner',
}


@ -10,8 +10,8 @@ import { extractNoteFromRequest } from '../api/utils/extract-note-from-request';
import { CompleteRequest } from '../api/utils/request.type'; import { CompleteRequest } from '../api/utils/request.type';
import { ConsoleLoggerService } from '../logger/console-logger.service'; import { ConsoleLoggerService } from '../logger/console-logger.service';
import { NotesService } from '../notes/notes.service'; import { NotesService } from '../notes/notes.service';
import { Permission } from './permissions.enum';
import { PermissionsService } from './permissions.service'; import { PermissionsService } from './permissions.service';
import { RequiredPermission } from './required-permission.enum';
/** /**
* This guards controller methods from access, if the user has not the appropriate permissions. * This guards controller methods from access, if the user has not the appropriate permissions.
@ -31,7 +31,7 @@ export class PermissionsGuard implements CanActivate {
} }
async canActivate(context: ExecutionContext): Promise<boolean> { async canActivate(context: ExecutionContext): Promise<boolean> {
const permissions = this.reflector.get<Permission[]>( const permissions = this.reflector.get<RequiredPermission[]>(
'permissions', 'permissions',
context.getHandler(), context.getHandler(),
); );
@ -45,7 +45,7 @@ export class PermissionsGuard implements CanActivate {
const request: CompleteRequest = context.switchToHttp().getRequest(); const request: CompleteRequest = context.switchToHttp().getRequest();
const user = request.user ?? null; const user = request.user ?? null;
// handle CREATE permissions, as this does not need any note // handle CREATE permissions, as this does not need any note
if (permissions[0] === Permission.CREATE) { if (permissions[0] === RequiredPermission.CREATE) {
return this.permissionsService.mayCreate(user); return this.permissionsService.mayCreate(user);
} }
// Attention: This gets the note an additional time if used in conjunction with GetNoteInterceptor or NoteHeaderInterceptor // Attention: This gets the note an additional time if used in conjunction with GetNoteInterceptor or NoteHeaderInterceptor
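Review bot: `canActivate` branches only on `permissions[0]` in the CREATE check, while `RequirePermission` is declared with a rest parameter (`...permissions: RequiredPermission[]`), so any further values passed to the decorator appear to be ignored by this authorization decision. Since the rename already touches both the guard and the decorator, either narrow the decorator to a single `permission: RequiredPermission` or state the contract next to the check, e.g. `// only the first required permission is evaluated; additional entries are ignored`. The rest of `canActivate` lies outside the hunk, so whether later code reads other entries cannot be confirmed from this page.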


@ -44,9 +44,9 @@ import { User } from '../users/user.entity';
import { UsersModule } from '../users/users.module'; import { UsersModule } from '../users/users.module';
import { NoteGroupPermission } from './note-group-permission.entity'; import { NoteGroupPermission } from './note-group-permission.entity';
import { NoteUserPermission } from './note-user-permission.entity'; import { NoteUserPermission } from './note-user-permission.entity';
import { Permission } from './permissions.enum';
import { PermissionsModule } from './permissions.module'; import { PermissionsModule } from './permissions.module';
import { PermissionsService } from './permissions.service'; import { PermissionsService } from './permissions.service';
import { RequiredPermission } from './required-permission.enum';
function mockedEventEmitter(eventEmitter: EventEmitter2) { function mockedEventEmitter(eventEmitter: EventEmitter2) {
return jest.spyOn(eventEmitter, 'emit').mockImplementationOnce((event) => { return jest.spyOn(eventEmitter, 'emit').mockImplementationOnce((event) => {
@ -188,6 +188,7 @@ describe('PermissionsService', () => {
return isOwner; return isOwner;
}); });
} }
beforeEach(() => { beforeEach(() => {
mockNoteRepo(noteRepo); mockNoteRepo(noteRepo);
eventEmitterEmitSpy = mockedEventEmitter(eventEmitter); eventEmitterEmitSpy = mockedEventEmitter(eventEmitter);
@ -793,14 +794,18 @@ describe('PermissionsService', () => {
it('with mayRead', async () => { it('with mayRead', async () => {
mockMayReadTrue(); mockMayReadTrue();
expect( expect(
await service.checkPermissionOnNote(Permission.READ, user1, notes[0]), await service.checkPermissionOnNote(
RequiredPermission.READ,
user1,
notes[0],
),
).toBeTruthy(); ).toBeTruthy();
}); });
it('with mayWrite', async () => { it('with mayWrite', async () => {
mockMayWriteTrue(); mockMayWriteTrue();
expect( expect(
await service.checkPermissionOnNote( await service.checkPermissionOnNote(
Permission.WRITE, RequiredPermission.WRITE,
user1, user1,
notes[0], notes[0],
), ),
@ -810,7 +815,7 @@ describe('PermissionsService', () => {
mockIsOwner(true); mockIsOwner(true);
expect( expect(
await service.checkPermissionOnNote( await service.checkPermissionOnNote(
Permission.OWNER, RequiredPermission.OWNER,
user1, user1,
notes[0], notes[0],
), ),
@ -824,7 +829,7 @@ describe('PermissionsService', () => {
mockIsOwner(false); mockIsOwner(false);
expect( expect(
await service.checkPermissionOnNote( await service.checkPermissionOnNote(
Permission.OWNER, RequiredPermission.OWNER,
user1, user1,
notes[0], notes[0],
), ),


@ -27,7 +27,7 @@ import { UsersService } from '../users/users.service';
import { checkArrayForDuplicates } from '../utils/arrayDuplicatCheck'; import { checkArrayForDuplicates } from '../utils/arrayDuplicatCheck';
import { NoteGroupPermission } from './note-group-permission.entity'; import { NoteGroupPermission } from './note-group-permission.entity';
import { NoteUserPermission } from './note-user-permission.entity'; import { NoteUserPermission } from './note-user-permission.entity';
import { Permission } from './permissions.enum'; import { RequiredPermission } from './required-permission.enum';
@Injectable() @Injectable()
export class PermissionsService { export class PermissionsService {
@ -44,22 +44,22 @@ export class PermissionsService {
* Checks if the given {@link User} is has the in {@link desiredPermission} specified permission on {@link Note}. * Checks if the given {@link User} is has the in {@link desiredPermission} specified permission on {@link Note}.
* *
* @async * @async
* @param {Permission} desiredPermission - permission level to check for * @param {RequiredPermission} desiredPermission - permission level to check for
* @param {User} user - The user whose permission should be checked. Value is null if guest access should be checked * @param {User} user - The user whose permission should be checked. Value is null if guest access should be checked
* @param {Note} note - The note for which the permission should be checked * @param {Note} note - The note for which the permission should be checked
* @return if the user has the specified permission on the note * @return if the user has the specified permission on the note
*/ */
public async checkPermissionOnNote( public async checkPermissionOnNote(
desiredPermission: Exclude<Permission, Permission.CREATE>, desiredPermission: Exclude<RequiredPermission, RequiredPermission.CREATE>,
user: User | null, user: User | null,
note: Note, note: Note,
): Promise<boolean> { ): Promise<boolean> {
switch (desiredPermission) { switch (desiredPermission) {
case Permission.READ: case RequiredPermission.READ:
return await this.mayRead(user, note); return await this.mayRead(user, note);
case Permission.WRITE: case RequiredPermission.WRITE:
return await this.mayWrite(user, note); return await this.mayWrite(user, note);
case Permission.OWNER: case RequiredPermission.OWNER:
return await this.isOwner(user, note); return await this.isOwner(user, note);
} }
} }
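Review bot: The `switch (desiredPermission)` in `checkPermissionOnNote` has no `default` branch, so for a value outside the three cases the method falls off the end and resolves to `undefined` instead of an explicit denial. The `Exclude<RequiredPermission, RequiredPermission.CREATE>` parameter type only holds at compile time, and the value presumably originates from decorator metadata read by the guard at runtime. Make the fail-closed path explicit with `default: return false;`, or with a `never` exhaustiveness check that throws, so a future enum member cannot reach this method without a deliberate decision.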


@ -5,7 +5,7 @@
*/ */
import { CustomDecorator, SetMetadata } from '@nestjs/common'; import { CustomDecorator, SetMetadata } from '@nestjs/common';
import { Permission } from './permissions.enum'; import { RequiredPermission } from './required-permission.enum';
/** /**
* This decorator gathers the {@link Permission Permission} a user must hold for the {@link PermissionsGuard} * This decorator gathers the {@link Permission Permission} a user must hold for the {@link PermissionsGuard}
@ -14,5 +14,5 @@ import { Permission } from './permissions.enum';
*/ */
// eslint-disable-next-line func-style,@typescript-eslint/naming-convention // eslint-disable-next-line func-style,@typescript-eslint/naming-convention
export const RequirePermission = ( export const RequirePermission = (
...permissions: Permission[] ...permissions: RequiredPermission[]
): CustomDecorator => SetMetadata('permissions', permissions); ): CustomDecorator => SetMetadata('permissions', permissions);
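Review bot: The doc comment above `RequirePermission` still reads `{@link Permission Permission}`, which no longer resolves now that the import is `RequiredPermission` from './required-permission.enum'. Change it to `{@link RequiredPermission}` so the generated documentation keeps pointing at the type that drives the guard. The comment continues outside the hunk, so other mentions of the old name in it may need the same update.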


@ -0,0 +1,15 @@
/*
* SPDX-FileCopyrightText: 2023 The HedgeDoc developers (see AUTHORS file)
*
* SPDX-License-Identifier: AGPL-3.0-only
*/
/**
* Represents the required access level a user needs to use a specific API endpoint.
*/
export enum RequiredPermission {
READ = 'read',
WRITE = 'write',
OWNER = 'owner',
CREATE = 'create',
}
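Review bot: The members of `RequiredPermission` have no per-member documentation, and the header calls the enum an "access level" although `CREATE` is not a level on a note: the guard handles it separately (`permissions[0] === RequiredPermission.CREATE`) and `checkPermissionOnNote` excludes it from its parameter type. A short comment per member would make that visible, for example `/** Creating a new note; evaluated without a note context. */` on `CREATE`. The declaration order also changes in this commit (OWNER now precedes CREATE); the values are strings, so it is worth noting in the header that nothing may rely on member order to compare permissions.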