2
1

user-right.ts 743 B

1234567891011121314151617181920212223242526
  1. import express from 'express'
  2. import { HttpStatusCode, UserRight } from '@shared/models'
  3. import { logger } from '../helpers/logger'
  4. function ensureUserHasRight (userRight: UserRight) {
  5. return function (req: express.Request, res: express.Response, next: express.NextFunction) {
  6. const user = res.locals.oauth.token.user
  7. if (user.hasRight(userRight) === false) {
  8. const message = `User ${user.username} does not have right ${userRight} to access to ${req.path}.`
  9. logger.info(message)
  10. return res.fail({
  11. status: HttpStatusCode.FORBIDDEN_403,
  12. message
  13. })
  14. }
  15. return next()
  16. }
  17. }
  18. // ---------------------------------------------------------------------------
  19. export {
  20. ensureUserHasRight
  21. }