fix(auth): fix permissions checks for auth package

Frantz Kati · Frantz Kati · commit 58ea6abc4332 · 2020-11-26T12:12:18.000+01:00
diff --git a/examples/blog/app.js b/examples/blog/app.js
@@ -81,7 +81,7 @@ module.exports = tensei()
     .databaseConfig({
         type: process.env.DATABASE_TYPE || 'mysql',
         dbName: process.env.DATABASE_NAME || 'mikrotensei',
-        debug: process.env.DEBUG || false,
+        debug: process.env.DEBUG || true,
         user: process.env.DATABASE_USER || 'mikrotensei',
         password: process.env.DATABASE_PASSWORD || '',
     })
diff --git a/packages/auth/src/index.ts b/packages/auth/src/index.ts
@@ -591,7 +591,7 @@ class Auth {
                                 ].includes(path)
                             ) {
                                 return query.authorize(({ user }) =>
-                                    user.permissions!.includes(`insert:${slug}`)
+                                    user?.permissions?.includes(`insert:${slug}`)
                                 )
                             }
 
@@ -602,7 +602,7 @@ class Auth {
                                 ].includes(path)
                             ) {
                                 return query.authorize(({ user }) =>
-                                    user.permissions!.includes(`delete:${slug}`)
+                                    user?.permissions?.includes(`delete:${slug}`)
                                 )
                             }
 
@@ -613,19 +613,19 @@ class Auth {
                                 ].includes(path)
                             ) {
                                 return query.authorize(({ user }) =>
-                                    user.permissions!.includes(`update:${slug}`)
+                                    user?.permissions?.includes(`update:${slug}`)
                                 )
                             }
 
                             if (path === plural) {
                                 return query.authorize(({ user }) =>
-                                    user.permissions!.includes(`fetch:${slug}`)
+                                    user?.permissions?.includes(`fetch:${slug}`)
                                 )
                             }
 
                             if (path === singular) {
                                 return query.authorize(({ user }) =>
-                                    user.permissions!.includes(`show:${slug}`)
+                                    user?.permissions?.includes(`show:${slug}`)
                                 )
                             }
                         }
@@ -702,7 +702,7 @@ class Auth {
                                 internal
                             ) {
                                 return route.authorize(({ user }) =>
-                                    user.permissions!.includes(
+                                    user?.permissions?.includes(
                                         `insert:${slugSingular}`
                                     )
                                 )
@@ -714,7 +714,7 @@ class Auth {
                                 internal
                             ) {
                                 return route.authorize(({ user }) =>
-                                    user.permissions!.includes(
+                                    user?.permissions?.includes(
                                         `fetch:${slugSingular}`
                                     )
                                 )
@@ -726,7 +726,7 @@ class Auth {
                                 internal
                             ) {
                                 return route.authorize(({ user }) =>
-                                    user.permissions!.includes(
+                                    user?.permissions?.includes(
                                         `show:${slugSingular}`
                                     )
                                 )
@@ -741,7 +741,7 @@ class Auth {
                                 internal
                             ) {
                                 return route.authorize(({ user }) =>
-                                    user.permissions!.includes(
+                                    user?.permissions?.includes(
                                         `update:${slugSingular}`
                                     )
                                 )
@@ -756,7 +756,7 @@ class Auth {
                                 internal
                             ) {
                                 return route.authorize(({ user }) =>
-                                    user.permissions!.includes(
+                                    user?.permissions!.includes(
                                         `delete:${slugSingular}`
                                     )
                                 )
@@ -1689,21 +1689,18 @@ class Auth {
                 slug: 'public'
             },
             {
-                populate: [this.resources.permission.data.snakeCaseNamePlural],
+                populate: ['permissions'],
                 refresh: true
             }
         )
 
         if (!user) {
             ctx.user = {
                 public: true,
-                [this.resources.role.data.snakeCaseNamePlural]: [
+                roles: [
                     publicRole as UserRole
                 ],
-                [this.resources.permission.data
-                    .snakeCaseNamePlural]: publicRole[
-                    this.resources.permission.data.snakeCaseNamePlural
-                ]
+                permissions: publicRole.permissions
                     .toJSON()
                     .map((permission: any) => permission.slug)
             } as any
@@ -1761,6 +1758,13 @@ class Auth {
                 }
             )
 
+            if (this.config.rolesAndPermissions) {
+                user.permissions = user.roles.reduce((acc: string[], role: UserRole) => [
+                    ...acc,
+                    ...role.permissions.map(p => p.slug)
+                ], [])
+            }
+
             ctx.user = user
         } catch (error) {}
     }
diff --git a/packages/common/typings/config.d.ts b/packages/common/typings/config.d.ts
@@ -160,6 +160,11 @@ declare module '@tensei/common/config' {
         id: number
         name: string
         slug: string
+        permissions: ({
+            id: number
+            name: string
+            slug: string
+        })[]
     }
     interface User {
         id: number

Original file line number	Diff line number	Diff line change
`@@ -591,7 +591,7 @@ class Auth {`
`591`	`591`	`].includes(path)`
`592`	`592`	`) {`
`593`	`593`	`return query.authorize(({ user }) =>`
`594`		- user.permissions!.includes(`insert:${slug}`)
	`594`	+ user?.permissions?.includes(`insert:${slug}`)
`595`	`595`	`)`
`596`	`596`	`}`
`597`	`597`
`@@ -602,7 +602,7 @@ class Auth {`
`602`	`602`	`].includes(path)`
`603`	`603`	`) {`
`604`	`604`	`return query.authorize(({ user }) =>`
`605`		- user.permissions!.includes(`delete:${slug}`)
	`605`	+ user?.permissions?.includes(`delete:${slug}`)
`606`	`606`	`)`
`607`	`607`	`}`
`608`	`608`
`@@ -613,19 +613,19 @@ class Auth {`
`613`	`613`	`].includes(path)`
`614`	`614`	`) {`
`615`	`615`	`return query.authorize(({ user }) =>`
`616`		- user.permissions!.includes(`update:${slug}`)
	`616`	+ user?.permissions?.includes(`update:${slug}`)
`617`	`617`	`)`
`618`	`618`	`}`
`619`	`619`
`620`	`620`	`if (path === plural) {`
`621`	`621`	`return query.authorize(({ user }) =>`
`622`		- user.permissions!.includes(`fetch:${slug}`)
	`622`	+ user?.permissions?.includes(`fetch:${slug}`)
`623`	`623`	`)`
`624`	`624`	`}`
`625`	`625`
`626`	`626`	`if (path === singular) {`
`627`	`627`	`return query.authorize(({ user }) =>`
`628`		- user.permissions!.includes(`show:${slug}`)
	`628`	+ user?.permissions?.includes(`show:${slug}`)
`629`	`629`	`)`
`630`	`630`	`}`
`631`	`631`	`}`
`@@ -702,7 +702,7 @@ class Auth {`
`702`	`702`	`internal`
`703`	`703`	`) {`
`704`	`704`	`return route.authorize(({ user }) =>`
`705`		`- user.permissions!.includes(`
	`705`	`+ user?.permissions?.includes(`
`706`	`706`	`insert:${slugSingular}`
`707`	`707`	`)`
`708`	`708`	`)`
`@@ -714,7 +714,7 @@ class Auth {`
`714`	`714`	`internal`
`715`	`715`	`) {`
`716`	`716`	`return route.authorize(({ user }) =>`
`717`		`- user.permissions!.includes(`
	`717`	`+ user?.permissions?.includes(`
`718`	`718`	`fetch:${slugSingular}`
`719`	`719`	`)`
`720`	`720`	`)`
`@@ -726,7 +726,7 @@ class Auth {`
`726`	`726`	`internal`
`727`	`727`	`) {`
`728`	`728`	`return route.authorize(({ user }) =>`
`729`		`- user.permissions!.includes(`
	`729`	`+ user?.permissions?.includes(`
`730`	`730`	`show:${slugSingular}`
`731`	`731`	`)`
`732`	`732`	`)`
`@@ -741,7 +741,7 @@ class Auth {`
`741`	`741`	`internal`
`742`	`742`	`) {`
`743`	`743`	`return route.authorize(({ user }) =>`
`744`		`- user.permissions!.includes(`
	`744`	`+ user?.permissions?.includes(`
`745`	`745`	`update:${slugSingular}`
`746`	`746`	`)`
`747`	`747`	`)`
`@@ -756,7 +756,7 @@ class Auth {`
`756`	`756`	`internal`
`757`	`757`	`) {`
`758`	`758`	`return route.authorize(({ user }) =>`
`759`		`- user.permissions!.includes(`
	`759`	`+ user?.permissions!.includes(`
`760`	`760`	`delete:${slugSingular}`
`761`	`761`	`)`
`762`	`762`	`)`
`@@ -1689,21 +1689,18 @@ class Auth {`
`1689`	`1689`	`slug: 'public'`
`1690`	`1690`	`},`
`1691`	`1691`	`{`
`1692`		`- populate: [this.resources.permission.data.snakeCaseNamePlural],`
	`1692`	`+ populate: ['permissions'],`
`1693`	`1693`	`refresh: true`
`1694`	`1694`	`}`
`1695`	`1695`	`)`
`1696`	`1696`
`1697`	`1697`	`if (!user) {`
`1698`	`1698`	`ctx.user = {`
`1699`	`1699`	`public: true,`
`1700`		`- [this.resources.role.data.snakeCaseNamePlural]: [`
	`1700`	`+ roles: [`
`1701`	`1701`	`publicRole as UserRole`
`1702`	`1702`	`],`
`1703`		`- [this.resources.permission.data`
`1704`		`- .snakeCaseNamePlural]: publicRole[`
`1705`		`- this.resources.permission.data.snakeCaseNamePlural`
`1706`		`- ]`
	`1703`	`+ permissions: publicRole.permissions`
`1707`	`1704`	`.toJSON()`
`1708`	`1705`	`.map((permission: any) => permission.slug)`
`1709`	`1706`	`} as any`
`@@ -1761,6 +1758,13 @@ class Auth {`
`1761`	`1758`	`}`
`1762`	`1759`	`)`
`1763`	`1760`
	`1761`	`+ if (this.config.rolesAndPermissions) {`
	`1762`	`+ user.permissions = user.roles.reduce((acc: string[], role: UserRole) => [`
	`1763`	`+ ...acc,`
	`1764`	`+ ...role.permissions.map(p => p.slug)`
	`1765`	`+ ], [])`
	`1766`	`+ }`
	`1767`	`+`
`1764`	`1768`	`ctx.user = user`
`1765`	`1769`	`} catch (error) {}`
`1766`	`1770`	`}`