
Commit 7539fa0

author
Sachin Maheshwari
committed
implementing scope checking.
1 parent ea66a2f commit 7539fa0


2 files changed

+20
-4
lines changed


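--- a/src/constants.js
+++ b/src/constants.js
@@ -77,3 +77,7 @@ export const BUS_API_EVENT = {
 export const REGEX = {
 URL: /^(http(s?):\/\/)?(www\.)?[a-zA-Z0-9\.\-\_]+(\.[a-zA-Z]{2,15})+(\:[0-9]{2,5})?(\/[a-zA-Z0-9\_\-\s\.\/\?\%\#\&\=;]*)?$/, // eslint-disable-line
 };
+
+export const TOKEN_SCOPES = {
+CONNECT_PROJECT_ADMIN: "all:connect_project"
+};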
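Review bot: TOKEN_SCOPES.CONNECT_PROJECT_ADMIN is introduced without a comment saying what holding it means, even though in this same commit it satisfies every role check in util.js (hasRole, hasRoles and hasAdminRole all return true for a machine token carrying it). A short JSDoc above the constant, such as `/** Scopes a machine token may carry. CONNECT_PROJECT_ADMIN is an all-roles grant: it passes hasRole/hasRoles/hasAdminRole regardless of the role asked for. */`, would stop a later reader from treating it as a per-project permission. The value is written with double quotes while the imports in util.js use single quotes; worth checking against the project's lint rule before merging.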

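--- a/src/util.js
+++ b/src/util.js
@@ -17,7 +17,7 @@ import urlencode from 'urlencode';
 import elasticsearch from 'elasticsearch';
 import Promise from 'bluebird';
 import AWS from 'aws-sdk';
-import { ADMIN_ROLES } from './constants';
+import { ADMIN_ROLES, TOKEN_SCOPES } from './constants';
 
 const exec = require('child_process').exec;
 const models = require('./models').default;
@@ -71,7 +71,11 @@ _.assignIn(util, {
 */
 hasRole: (req, role) => {
 const isMachineToken = _.get(req, 'authUser.isMachine', false);
-if (isMachineToken) return true;
+const tokenScopes = _.get(req, 'authUser.scopes', []);
+if (isMachineToken) {
+if (_.indexOf(tokenScopes, TOKEN_SCOPES.CONNECT_PROJECT_ADMIN) >= 0) return true;
+return false;
+}
 let roles = _.get(req, 'authUser.roles', []);
 roles = roles.map(s => s.toLowerCase());
 return _.indexOf(roles, role.toLowerCase()) >= 0;
@@ -84,7 +88,11 @@ _.assignIn(util, {
 */
 hasRoles: (req, roles) => {
 const isMachineToken = _.get(req, 'authUser.isMachine', false);
-if (isMachineToken) return true;
+const tokenScopes = _.get(req, 'authUser.scopes', []);
+if (isMachineToken) {
+if (_.indexOf(tokenScopes, TOKEN_SCOPES.CONNECT_PROJECT_ADMIN) >= 0) return true;
+return false;
+}
 let authRoles = _.get(req, 'authUser.roles', []);
 authRoles = authRoles.map(s => s.toLowerCase());
 return _.intersection(authRoles, roles.map(r => r.toLowerCase())).length > 0;
@@ -106,7 +114,11 @@ _.assignIn(util, {
 */
 hasAdminRole: (req) => {
 const isMachineToken = _.get(req, 'authUser.isMachine', false);
-if (isMachineToken) return true;
+const tokenScopes = _.get(req, 'authUser.scopes', []);
+if (isMachineToken) {
+if (_.indexOf(tokenScopes, TOKEN_SCOPES.CONNECT_PROJECT_ADMIN) >= 0) return true;
+return false;
+}
 let roles = _.get(req, 'authUser.roles', []);
 roles = roles.map(s => s.toLowerCase());
 return _.intersection(roles, ADMIN_ROLES.map(r => r.toLowerCase())).length > 0;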
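Review bot: The machine-token scope check is pasted verbatim into hasRole, hasRoles and hasAdminRole (the five added lines in each of the last three hunks), so any later change to how scopes are read or matched has to be repeated in three places and can silently drift; it belongs in one helper, defined above the `_.assignIn(util, {` call that encloses all three (that call starts outside the hunk), and each method should reduce to `if (_.get(req, 'authUser.isMachine', false)) return hasAdminScope(req);`. The same scope satisfies every role check regardless of the role argument, which is fine if CONNECT_PROJECT_ADMIN is meant as a full-admin grant but should be stated in the helper's comment so nobody expects per-role scopes. `tokenScopes` is also read before the `isMachineToken` test, so it is computed on the user-token path that never uses it. If `authUser.scopes` can arrive as a space-separated string rather than an array (not visible from the hunk), `_.indexOf` would match character positions instead of whole scopes, so the helper is also the place to normalize that.
```javascript
/**
 * True when the machine token on the request carries the connect project admin scope.
 * This is an all-roles grant: hasRole, hasRoles and hasAdminRole all defer to it for
 * machine tokens, regardless of the role being asked for.
 */
const hasAdminScope = (req) => {
  const tokenScopes = _.get(req, 'authUser.scopes', []);
  return _.indexOf(tokenScopes, TOKEN_SCOPES.CONNECT_PROJECT_ADMIN) >= 0;
};

// … unchanged: _.assignIn(util, { … other members … …
hasRole: (req, role) => {
  if (_.get(req, 'authUser.isMachine', false)) return hasAdminScope(req);
  // … unchanged: role comparison …
},
// … same one-line replacement in hasRoles and hasAdminRole …
```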
