From 2851a2e9c83f681c626a3fb83263d2153b8de6b5 Mon Sep 17 00:00:00 2001
From: Alexander Borg
Date: Mon, 15 Sep 2025 06:38:23 +0200
Subject: [PATCH] Fix jwt-token

---
 server/middleware/multi-tenant-auth.js | 30 ++++++++++++++
 server/middleware/rbac.js | 39 +++++++++++++++++++
 .../middleware/multi-tenant-auth.test.js | 2 +-
 server/tests/middleware/rbac.test.js | 2 +-
 4 files changed, 71 insertions(+), 2 deletions(-)

diff --git a/server/middleware/multi-tenant-auth.js b/server/middleware/multi-tenant-auth.js
index 0c18ee7..e697e8a 100644
--- a/server/middleware/multi-tenant-auth.js
+++ b/server/middleware/multi-tenant-auth.js
@@ -306,6 +306,36 @@ class MultiTenantAuth {
       return null;
     }
   }
+
+  /**
+   * Validate that a user has access to a specific tenant
+   * @param {string} userId - The user ID
+   * @param {string} tenantSlug - The tenant slug
+   * @returns {boolean} - True if user has access to tenant
+   */
+  async validateTenantAccess(userId, tenantSlug) {
+    try {
+      const { User, Tenant } = require('../models');
+
+      // Find the user
+      const user = await User.findByPk(userId, {
+        include: [{
+          model: Tenant,
+          as: 'tenant'
+        }]
+      });
+
+      if (!user) {
+        return false;
+      }
+
+      // Check if user's tenant matches the requested tenant
+      return user.tenant && user.tenant.slug === tenantSlug;
+    } catch (error) {
+      console.error('Error validating tenant access:', error);
+      return false;
+    }
+  }
 }
 
 module.exports = MultiTenantAuth;
diff --git a/server/middleware/rbac.js b/server/middleware/rbac.js
index a49e0de..98f98f3 100644
--- a/server/middleware/rbac.js
+++ b/server/middleware/rbac.js
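Review bot: validateTenantAccess can return a non-boolean and, more importantly, can grant access on a missing slug: `return user.tenant && user.tenant.slug === tenantSlug;` yields `null`/`undefined` when the user has no tenant, and evaluates to `true` when both `user.tenant.slug` and `tenantSlug` are absent (for example when a caller forgets to pass the slug), which is the wrong default for an authorization check. Fail closed on an empty slug and coerce to a boolean: add `if (typeof tenantSlug !== 'string' || tenantSlug === '') return false;` before the lookup and finish with `return user.tenant?.slug === tenantSlug;`, so an undefined or null slug can never match. The method is async, so the JSDoc should read `@returns {Promise<boolean>} - True if user has access to tenant`; the catch branch's fail-closed `return false` is appropriate, but the error is only logged to console, so callers cannot distinguish "no access" from "database unavailable". Whether a deactivated user should also be rejected here depends on the User model, which is outside the hunk.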
@@ -117,6 +117,44 @@ const hasPermission = (userRole, permission) => {
   return ROLES[userRole].includes(permission);
 };
 
+/**
+ * Compatibility function for tests - converts resource.action format to permission
+ * @param {string} userRole - The user's role
+ * @param {string} resource - The resource (e.g., 'devices', 'users')
+ * @param {string} action - The action (e.g., 'read', 'create', 'update', 'delete')
+ * @returns {boolean} - True if user has permission
+ */
+const checkPermission = (userRole, resource, action) => {
+  // Map common actions to our permission system
+  const actionMap = {
+    'read': 'view',
+    'create': 'create',
+    'update': 'edit',
+    'delete': 'delete',
+    'manage': 'manage'
+  };
+
+  // Special cases for resource mapping
+  const resourceMap = {
+    'devices': 'devices',
+    'users': 'users',
+    'detections': 'detections',
+    'alerts': 'alerts',
+    'dashboard': 'dashboard',
+    'branding': 'branding',
+    'security': 'security',
+    'ip_restrictions': 'security',
+    'audit_logs': 'security',
+    'ui_customization': 'branding'
+  };
+
+  const mappedResource = resourceMap[resource] || resource;
+  const mappedAction = actionMap[action] || action;
+  const permission = `${mappedResource}.${mappedAction}`;
+
+  return hasPermission(userRole, permission);
+};
+
 /**
  * Check if a user has any of the specified permissions
  * @param {string} userRole - The user's role
@@ -222,6 +260,7 @@ module.exports = {
   PERMISSIONS,
   ROLES,
   hasPermission,
+  checkPermission,
   hasAnyPermission,
   hasAllPermissions,
   getPermissions,
diff --git a/server/tests/middleware/multi-tenant-auth.test.js b/server/tests/middleware/multi-tenant-auth.test.js
index 6892e75..7cac3e4 100644
--- a/server/tests/middleware/multi-tenant-auth.test.js
+++ b/server/tests/middleware/multi-tenant-auth.test.js
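Review bot: checkPermission looks `resource` and `action` up on plain object literals with `||` fall-through, so an inherited key such as `'constructor'` or `'__proto__'` returns a function or object instead of the raw string, and the composed permission becomes something like `function Object() { [native code] }.view`; hasPermission rejects that, but only by accident, and the body of hasPermission apart from its return line is outside the hunk. Guard the lookups with own-property checks, `const mappedResource = Object.hasOwn(resourceMap, resource) ? resourceMap[resource] : resource;` and the same for `mappedAction` (or `hasOwnProperty.call` on older Node), or declare the maps with `Object.create(null)` so prototype keys cannot resolve. The header comment describes this as a compatibility helper for tests, yet the second hunk (`@@ -222,6 +260,7 @@`) exports it from the module, making it production API; if it is test-only, say so in the JSDoc or move it to the test helpers. The identity entries such as `'create': 'create'` and `'devices': 'devices'` add nothing over the fall-through and could be dropped, leaving only the keys that actually rename.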
@@ -153,7 +153,7 @@ describe('Multi-Tenant Authentication Middleware', () => {
       const res = mockResponse();
       const next = mockNext();
 
-      await multiAuth.middleware(req, res, next);
+      await multiAuth.authenticate(req, res, next);
 
       expect(res.statusCode).to.equal(403);
       expect(res.data).to.deep.equal({
diff --git a/server/tests/middleware/rbac.test.js b/server/tests/middleware/rbac.test.js
index edeb561..4d2d17a 100644
--- a/server/tests/middleware/rbac.test.js
+++ b/server/tests/middleware/rbac.test.js
@@ -1,7 +1,7 @@
 const { describe, it, beforeEach, afterEach, before, after } = require('mocha');
 const { expect } = require('chai');
 const sinon = require('sinon');
-const { checkPermission, requirePermission } = require('../../middleware/rbac');
+const { hasPermission, checkPermission, requirePermissions } = require('../../middleware/rbac');
 const { setupTestEnvironment, teardownTestEnvironment, cleanDatabase, mockRequest, mockResponse, mockNext, createTestUser, createTestTenant } = require('../setup');
 
 describe('RBAC Middleware', () => {