github.com/verdaccio
1
0
Fork 0
mirror of https://github.com/verdaccio/verdaccio.git synced 2025-02-21 07:29:37 +01:00
Code Releases Wiki Activity

chore: improve logic on allow_action

Browse Source
This commit is contained in:
Juan Picado @jotadeveloper 2018-07-15 00:30:47 +02:00
parent 9ef13fb6b6
commit 9f4602830d
No known key found for this signature in database
GPG Key ID: 18AC54485952D158
1 changed files with 8 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
src/lib/auth-utils.js
View File

@ -2,23 +2,18 @@ import {ErrorCode} from './utils';
import {API_ERROR} from './constants';
export function allow_action(action) {
return function(user, pkg, cb) {
const ok = pkg[action].reduce(function(prev, curr) {
if (user.name === curr || user.groups.indexOf(curr) !== -1) {
return true;
}
return function(user, pkg, callback) {
const {name, groups} = user;
const hasPermission = pkg[action].some((group) => name === group || groups.includes(group));
return prev;
}, false);
if (ok) {
return cb(null, true);
if (hasPermission) {
return callback(null, true);
}
if (user.name) {
cb(ErrorCode.getForbidden(`user ${user.name} is not allowed to ${action} package ${pkg.name}`));
if (name) {
callback(ErrorCode.getForbidden(`user ${name} is not allowed to ${action} package ${pkg.name}`));
} else {
cb(ErrorCode.getForbidden(`unregistered users are not allowed to ${action} package ${pkg.name}`));
callback(ErrorCode.getForbidden(`unregistered users are not allowed to ${action} package ${pkg.name}`));
}
};
}