-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathtaskPermissionCheck.js
More file actions
110 lines (92 loc) · 3.92 KB
/
taskPermissionCheck.js
File metadata and controls
110 lines (92 loc) · 3.92 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
const taskModel = require("../models/taskModel");
const boardModel = require("../models/boardModel");
const dashboardModel = require("../models/dashboardModel");
/**
* Middleware to check if user has required role for a task's dashboard
* Extracts dashboardId from the task's board and checks permissions
* @param {Array<string>} allowedRoles - Array of roles that can access (e.g., ['Admin', 'Editor'])
*/
function checkTaskPermission(allowedRoles) {
return async (req, res, next) => {
try {
const userId = req.user.userId || req.user.id;
const taskId = parseInt(req.params.id || req.params.taskId);
if (!taskId) {
return res.status(400).json({ error: "Task ID is required" });
}
// Get the task to find its board
const task = await taskModel.getTask(taskId);
if (!task) {
return res.status(404).json({ error: "Task not found" });
}
// Get the board to find its dashboard
const board = await boardModel.getBoard(task.BoardId);
if (!board) {
return res.status(404).json({ error: "Board not found" });
}
const dashboardId = board.DashboardId;
const userRole = await dashboardModel.getUserRole(userId, dashboardId);
if (!userRole) {
return res.status(403).json({ error: "You do not have access to this dashboard" });
}
if (!allowedRoles.includes(userRole)) {
return res.status(403).json({
error: `Access denied. Required role: ${allowedRoles.join(" or ")}. Your role: ${userRole}`
});
}
req.userRole = userRole;
req.dashboardId = dashboardId;
next();
} catch (error) {
console.error("Task permission check error:", error);
res.status(500).json({ error: "Internal server error" });
}
};
}
/**
* Middleware for checking permissions when creating a task (boardId in body)
*/
function checkBoardForTaskCreation(allowedRoles) {
return async (req, res, next) => {
try {
const userId = req.user.userId || req.user.id;
const boardId = parseInt(req.body.boardId);
console.log(`[Task Creation Check] User ${userId} attempting to create task in board ${boardId}`);
if (!boardId || isNaN(boardId)) {
console.error('[Task Creation Check] Invalid or missing board ID');
return res.status(400).json({ error: "Board ID is required" });
}
// Get the board to find its dashboard
const board = await boardModel.getBoard(boardId);
if (!board) {
console.error(`[Task Creation Check] Board ${boardId} not found`);
return res.status(404).json({ error: "Board not found" });
}
const dashboardId = board.DashboardId;
console.log(`[Task Creation Check] Board ${boardId} belongs to dashboard ${dashboardId}`);
const userRole = await dashboardModel.getUserRole(userId, dashboardId);
console.log(`[Task Creation Check] User ${userId} has role: ${userRole || 'none'}`);
if (!userRole) {
console.error(`[Task Creation Check] User ${userId} has no access to dashboard ${dashboardId}`);
return res.status(403).json({ error: "You do not have access to this dashboard" });
}
if (!allowedRoles.includes(userRole)) {
console.error(`[Task Creation Check] User role ${userRole} not in allowed roles: ${allowedRoles.join(', ')}`);
return res.status(403).json({
error: `Access denied. Required role: ${allowedRoles.join(" or ")}. Your role: ${userRole}`
});
}
console.log(`[Task Creation Check] Access granted to user ${userId} with role ${userRole}`);
req.userRole = userRole;
req.dashboardId = dashboardId;
next();
} catch (error) {
console.error("Task creation permission check error:", error.message, error);
res.status(500).json({ error: "Failed to verify task creation permissions" });
}
};
}
module.exports = {
checkTaskPermission,
checkBoardForTaskCreation
};