MCPcopy Index your code
hub / github.com/chartbrew/chartbrew / checkPermissions

Function checkPermissions

server/api/ConnectionRoute.js:77–111  ·  view source on GitHub ↗
(actionType = "readOwn")

Source from the content-addressed store, hash-verified

75 };
76
77 const checkPermissions = (actionType = "readOwn") => {
78 return async (req, res, next) => {
79 const { team_id } = req.params;
80
81 // Fetch the TeamRole for the user
82 const teamRole = await teamController.getTeamRole(team_id, req.user.id);
83
84 if (!teamRole) {
85 return res.status(403).json({ message: "Access denied" });
86 }
87
88 const permission = accessControl.can(teamRole.role)[actionType]("connection");
89 if (!permission.granted) {
90 return res.status(403).json({ message: "Access denied" });
91 }
92
93 const { role, projects } = teamRole;
94
95 // Handle permissions for teamOwner and teamAdmin
96 if (["teamOwner", "teamAdmin"].includes(role)) {
97 req.user.isEditor = true;
98 return next();
99 }
100
101 if (role === "projectAdmin" || role === "projectViewer" || role === "projectEditor") {
102 // save the projects in the user object
103 req.user.projects = projects;
104 req.user.permittedFields = permission.attributes;
105
106 return next();
107 }
108
109 return res.status(403).json({ message: "Access denied" });
110 };
111 };
112
113 const ensureConnectionBelongsToTeam = async (req, res, next) => {
114 try {

Callers 1

ConnectionRoute.jsFile · 0.70

Calls 1

getTeamRoleMethod · 0.80

Tested by

no test coverage detected