scripts/core/services/permissionsService.ts
import _ from 'lodash';
/**
* @ngdoc service
* @module superdesk.core.services
* @name permissionsService
*
* @description
* #### Permissions service
*
* Permissions service checks if a given user or role is able to perform given actions.
*
* Usage:
*
* Checking user/permissions:
*
* ```js
* permissionsService.isUserAllowed(permissions, user);
* ```
*
* Params:
*
* {Object} permissions - permissions object in {resource: {action: true/false, ...}, ...}
* format.
*
* {Object} user - user object as returned from server.
*
* If no user is given, current logged in user will be assumed.
*
* Checking role/permissions:
*
* ```js
* permissionsService.isRoleAllowed(permissions, role);
* ```
*
* {Object} permissions - permissions object in {resource: {action: true/false, ...}, ...}
* format.
*
* {Object} role - role object as returned from server.
*/
export default angular.module('superdesk.core.services.permissions', [])
.service('permissionsService', ['$q', '$rootScope', 'em', function($q, $rootScope, em) {
this.isUserAllowed = function(permissions, user) {
var self = this;
var delay = $q.defer();
var usr = user || $rootScope.currentUser;
if (usr.role) {
if (typeof usr.role === 'string') {
em.repository('user_roles')
.find(usr.role)
.then((role) => {
delay.resolve(self.isRoleAllowed(permissions, role));
});
} else {
delay.resolve(this.isRoleAllowed(permissions, usr.role));
}
} else {
delay.resolve(false);
}
return delay.promise;
};
this._isRoleAllowedSingle = function(resource, method, role) {
var self = this;
var delay = $q.defer();
if (role.permissions && role.permissions[resource] && role.permissions[resource][method]) {
delay.resolve(true);
} else if (role.extends) {
em.repository('user_roles')
.find(role.extends)
.then((extendedFrom) => {
delay.resolve(self._isRoleAllowedSingle(resource, method, extendedFrom));
});
}
return delay.promise;
};
this.isRoleAllowed = function(permissions, role) {
var self = this;
var delay = $q.defer();
var promises = [];
_.forEach(permissions, (methods, resource) => {
_.forEach(methods, (status, method) => {
promises.push(self._isRoleAllowedSingle(resource, method, role));
});
});
$q.all(promises).then((results) => {
if (results.indexOf(false) === -1) {
delay.resolve(true);
} else {
delay.resolve(false);
}
});
return delay.promise;
};
}]);