hub / github.com/chartbrew/chartbrew / checkPermissions

Function checkPermissions

server/api/ChartRoute.js:179–250  ·  view source on GitHub ↗
(actionType = "readOwn", entity = "chart")

Source from the content-addressed store, hash-verified

177 };
178
179 const checkPermissions = (actionType = "readOwn", entity = "chart") => {
180 return async (req, res, next) => {
181 const projectId = req.params.project_id || req.body?.project_id;
182 const chartId = req.params.chart_id || req.body?.chart_id;
183
184 const project = await projectController.findById(projectId);
185 if (!project) {
186 return res.status(404).json({ message: "Project not found" });
187 }
188
189 const teamRole = await teamController.getTeamRole(project.team_id, req.user.id);
190
191 req.user.teamRole = teamRole;
192
193 if (!teamRole?.role) {
194 return res.status(403).json({ message: "Access denied" });
195 }
196
197 // check if the chart is part of the right project
198 if (chartId && projectId) {
199 const chart = await chartController.findById(req.params.chart_id);
200 if (chart.project_id.toString() !== projectId.toString()) {
201 return res.status(403).json({ message: "Access denied" });
202 }
203 }
204
205 // check if the alert is part of a chart in the right project
206 if (chartId && req.params.alert_id) {
207 const alert = await alertController.findById(req.params.alert_id);
208 if (alert.chart_id.toString() !== chartId.toString()) {
209 return res.status(403).json({ message: "Access denied" });
210 }
211 }
212
213 // check if the cdc is part of a chart in the right project
214 if (chartId && req.params.cdc_id) {
215 const cdc = await db.ChartDatasetConfig.findByPk(req.params.cdc_id);
216 if (cdc.chart_id.toString() !== chartId.toString()) {
217 return res.status(403).json({ message: "Access denied" });
218 }
219 }
220
221 if (["teamOwner", "teamAdmin"].includes(teamRole.role)) {
222 const permission = accessControl.can(teamRole.role)[actionType](entity);
223 if (!permission.granted) {
224 return res.status(403).json({ message: "Access denied" });
225 }
226
227 return next();
228 }
229
230 if (teamRole?.projects?.length > 0) {
231 if (projectId) {
232 const filteredProjects = teamRole.projects.filter((o) => `${o}` === `${projectId}`);
233 if (filteredProjects.length === 0 && !project.ghost) {
234 return res.status(403).json({ message: "Access denied" });
235 }
236 }

Callers 1

ChartRoute.js · File · 0.70

Calls 3

getTeamRole · Method · 0.80
filter · Method · 0.80
findById · Method · 0.45

Tested by

no test coverage detected