kamp/pingvin-share
1
0
Fork 0
mirror of https://github.com/stonith404/pingvin-share.git synced 2024-11-15 11:50:34 +01:00
Code

refactor: run formatter

Browse Source
This commit is contained in:
Elias Schneider 2024-07-30 08:39:22 +02:00
parent 3505669135
commit 93aacca9b4
No known key found for this signature in database
GPG Key ID: 07E623B294202B6C
3 changed files with 19 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
backend/src/oauth/provider/genericOidc.provider.ts
View File

@ -133,9 +133,9 @@ export abstract class GenericOidcProvider implements OAuthProvider<OidcToken> {
: idTokenData.preferred_username || : idTokenData.preferred_username ||
idTokenData.name || idTokenData.name ||
idTokenData.nickname; idTokenData.nickname;
let isAdmin: boolean; let isAdmin: boolean;
if (roleConfig?.path) { if (roleConfig?.path) {
// A path to read roles from the token is configured // A path to read roles from the token is configured
let roles: string[] | null; let roles: string[] | null;
@ -146,9 +146,14 @@ export abstract class GenericOidcProvider implements OAuthProvider<OidcToken> {
} }
if (Array.isArray(roles)) { if (Array.isArray(roles)) {
// Roles are found in the token // Roles are found in the token
if (roleConfig.generalAccess && !roles.includes(roleConfig.generalAccess)) { if (
roleConfig.generalAccess &&
!roles.includes(roleConfig.generalAccess)
) {
// Role for general access is configured and the user does not have it // Role for general access is configured and the user does not have it
this.logger.error(`User roles ${roles} do not include ${roleConfig.generalAccess}`); this.logger.error(
`User roles ${roles} do not include ${roleConfig.generalAccess}`,
);
throw new ErrorPageException("user_not_allowed"); throw new ErrorPageException("user_not_allowed");
} }
if (roleConfig.adminAccess) { if (roleConfig.adminAccess) {

6
backend/src/oauth/provider/oidc.provider.ts
View File

@ -35,8 +35,10 @@ export class OidcProvider extends GenericOidcProvider {
): Promise<OAuthSignInDto> { ): Promise<OAuthSignInDto> {
const claim = this.config.get("oauth.oidc-usernameClaim") || undefined; const claim = this.config.get("oauth.oidc-usernameClaim") || undefined;
const rolePath = this.config.get("oauth.oidc-rolePath") || undefined; const rolePath = this.config.get("oauth.oidc-rolePath") || undefined;
const roleGeneralAccess = this.config.get("oauth.oidc-roleGeneralAccess") || undefined; const roleGeneralAccess =
const roleAdminAccess = this.config.get("oauth.oidc-roleAdminAccess") || undefined; this.config.get("oauth.oidc-roleGeneralAccess") || undefined;
const roleAdminAccess =
this.config.get("oauth.oidc-roleAdminAccess") || undefined;
return super.getUserInfo(token, query, claim, { return super.getUserInfo(token, query, claim, {
path: rolePath, path: rolePath,
generalAccess: roleGeneralAccess, generalAccess: roleGeneralAccess,

9
backend/src/share/guard/shareSecurity.guard.ts
View File

@ -63,9 +63,12 @@ export class ShareSecurityGuard extends JwtGuard {
const user = request.user as User; const user = request.user as User;
// Only the creator and reverse share creator can access the reverse share if it's not public // Only the creator and reverse share creator can access the reverse share if it's not public
if (share.reverseShare && !share.reverseShare.publicAccess if (
&& share.creatorId !== user?.id share.reverseShare &&
&& share.reverseShare.creatorId !== user?.id) !share.reverseShare.publicAccess &&
share.creatorId !== user?.id &&
share.reverseShare.creatorId !== user?.id
)
throw new ForbiddenException( throw new ForbiddenException(
"Only reverse share creator can access this share", "Only reverse share creator can access this share",
"private_share", "private_share",