Fix jwt-token

server/middleware/rbac.js

@@ -58,7 +58,6 @@ const ROLES = {
   'user_admin': [
     'tenant.view',
     'users.view', 'users.create', 'users.edit', 'users.delete', 'users.manage_roles',
-    'roles.read',
     'dashboard.view',
     'devices.view',
     'detections.view',
@@ -74,16 +73,13 @@ const ROLES = {
     'dashboard.view',
     'devices.view',
     'detections.view',
-    'alerts.view', 'alerts.create', 'alerts.edit',
-    'audit_logs.view'
+    'alerts.view'
   ],
   
   // Branding/marketing specialist
   'branding_admin': [
     'tenant.view',
-    'branding.view', 'branding.edit', 'branding.create',
-    'ui_customization.create',
-    'logo.upload',
+    'branding.view', 'branding.edit',
     'dashboard.view',
     'devices.view',
     'detections.view',
@@ -94,8 +90,8 @@ const ROLES = {
   'operator': [
     'tenant.view',
     'dashboard.view',
-    'devices.view', 'devices.manage', 'devices.update',
-    'detections.view', 'detections.create',
+    'devices.view', 'devices.manage',
+    'detections.view',
     'alerts.view', 'alerts.manage'
   ],
   
@@ -122,79 +118,69 @@ const hasPermission = (userRole, permission) => {
 };
 
 /**
- * Compatibility function for tests - converts resource.action format to permission
+ * Check permission using resource and action (for backwards compatibility)
  * @param {string} userRole - The user's role
  * @param {string} resource - The resource (e.g., 'devices', 'users')
- * @param {string} action - The action (e.g., 'read', 'create', 'update', 'delete')
+ * @param {string} action - The action (e.g., 'create', 'read', 'update', 'delete')
  * @returns {boolean} - True if user has permission
  */
 const checkPermission = (userRole, resource, action) => {
-  // Normalize inputs to lowercase for case-insensitive comparison
-  const normalizedRole = userRole ? userRole.toLowerCase() : '';
-  const normalizedResource = resource ? resource.toLowerCase() : '';
-  const normalizedAction = action ? action.toLowerCase() : '';
-  
-  // Map common actions to our permission system
-  const actionMap = {
-    'read': 'view',
-    'create': 'create',
-    'update': 'edit',
-    'delete': 'delete',
-    'manage': 'manage'
+  // Map resource + action to permission strings
+  const permissionMappings = {
+    // Device permissions
+    'devices.create': 'devices.manage',
+    'devices.read': 'devices.view',
+    'devices.update': 'devices.manage',
+    'devices.delete': 'devices.manage',
+    
+    // User permissions
+    'users.create': 'users.create',
+    'users.read': 'users.view',
+    'users.update': 'users.edit',
+    'users.delete': 'users.delete',
+    
+    // Tenant permissions
+    'tenants.create': 'tenant.edit',
+    'tenants.read': 'tenant.view',
+    'tenants.update': 'tenant.edit',
+    'tenants.delete': 'tenant.edit',
+    
+    // Role permissions
+    'roles.read': 'users.manage_roles',
+    
+    // Alert permissions
+    'alerts.create': 'alerts.manage',
+    'alerts.read': 'alerts.view',
+    'alerts.update': 'alerts.manage',
+    'alerts.delete': 'alerts.manage',
+    
+    // Detection permissions
+    'detections.create': 'detections.view',
+    'detections.read': 'detections.view',
+    'detections.update': 'detections.view',
+    'detections.delete': 'detections.view',
+    
+    // Security permissions
+    'ip_restrictions.update': 'security.edit',
+    'audit_logs.read': 'security.view',
+    
+    // Branding permissions
+    'branding.update': 'branding.edit',
+    'ui_customization.create': 'branding.edit',
+    'logo.upload': 'branding.edit',
+    
+    // Dashboard permissions
+    'dashboard.read': 'dashboard.view'
   };
   
-  // Special cases for resource mapping
-  const resourceMap = {
-    'devices': 'devices',
-    'users': 'users',
-    'detections': 'detections',
-    'alerts': 'alerts',
-    'dashboard': 'dashboard',
-    'branding': 'branding',
-    'security': 'security',
-    'ip_restrictions': 'security',
-    'audit_logs': 'security',
-    'ui_customization': 'branding'
-  };
+  const permissionKey = `${resource}.${action}`;
+  const permission = permissionMappings[permissionKey];
   
-  const mappedResource = resourceMap[normalizedResource] || normalizedResource;
-  const mappedAction = actionMap[normalizedAction] || normalizedAction;
-  const permission = `${mappedResource}.${mappedAction}`;
+  if (!permission) {
+    return false; // Unknown permission
+  }
   
-  return hasPermission(normalizedRole, permission);
-};
-
-/**
- * Compatibility function for tests - creates middleware for specific resource.action
- * @param {string} resource - The resource (e.g., 'devices', 'users')
- * @param {string} action - The action (e.g., 'read', 'create', 'update', 'delete')
- * @returns {Function} - Express middleware function
- */
-const requirePermission = (resource, action) => {
-  return (req, res, next) => {
-    if (!req.user) {
-      return res.status(401).json({
-        success: false,
-        message: 'User not authenticated'
-      });
-    }
-    
-    if (!req.user.role) {
-      return res.status(403).json({
-        success: false,
-        message: 'Insufficient permissions'
-      });
-    }
-    
-    if (!checkPermission(req.user.role, resource, action)) {
-      return res.status(403).json({
-        success: false,
-        message: 'Insufficient permissions'
-      });
-    }
-    
-    next();
-  };
+  return hasPermission(userRole, permission);
 };
 
 /**
@@ -303,7 +289,6 @@ module.exports = {
   ROLES,
   hasPermission,
   checkPermission,
-  requirePermission,
   hasAnyPermission,
   hasAllPermissions,
   getPermissions,