Fix jwt-token
This commit is contained in:
@@ -306,6 +306,36 @@ class MultiTenantAuth {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Validate that a user has access to a specific tenant
|
||||
* @param {string} userId - The user ID
|
||||
* @param {string} tenantSlug - The tenant slug
|
||||
* @returns {boolean} - True if user has access to tenant
|
||||
*/
|
||||
async validateTenantAccess(userId, tenantSlug) {
|
||||
try {
|
||||
const { User, Tenant } = require('../models');
|
||||
|
||||
// Find the user
|
||||
const user = await User.findByPk(userId, {
|
||||
include: [{
|
||||
model: Tenant,
|
||||
as: 'tenant'
|
||||
}]
|
||||
});
|
||||
|
||||
if (!user) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Check if user's tenant matches the requested tenant
|
||||
return user.tenant && user.tenant.slug === tenantSlug;
|
||||
} catch (error) {
|
||||
console.error('Error validating tenant access:', error);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
module.exports = MultiTenantAuth;
|
||||
|
||||
@@ -117,6 +117,44 @@ const hasPermission = (userRole, permission) => {
|
||||
return ROLES[userRole].includes(permission);
|
||||
};
|
||||
|
||||
/**
|
||||
* Compatibility function for tests - converts resource.action format to permission
|
||||
* @param {string} userRole - The user's role
|
||||
* @param {string} resource - The resource (e.g., 'devices', 'users')
|
||||
* @param {string} action - The action (e.g., 'read', 'create', 'update', 'delete')
|
||||
* @returns {boolean} - True if user has permission
|
||||
*/
|
||||
const checkPermission = (userRole, resource, action) => {
|
||||
// Map common actions to our permission system
|
||||
const actionMap = {
|
||||
'read': 'view',
|
||||
'create': 'create',
|
||||
'update': 'edit',
|
||||
'delete': 'delete',
|
||||
'manage': 'manage'
|
||||
};
|
||||
|
||||
// Special cases for resource mapping
|
||||
const resourceMap = {
|
||||
'devices': 'devices',
|
||||
'users': 'users',
|
||||
'detections': 'detections',
|
||||
'alerts': 'alerts',
|
||||
'dashboard': 'dashboard',
|
||||
'branding': 'branding',
|
||||
'security': 'security',
|
||||
'ip_restrictions': 'security',
|
||||
'audit_logs': 'security',
|
||||
'ui_customization': 'branding'
|
||||
};
|
||||
|
||||
const mappedResource = resourceMap[resource] || resource;
|
||||
const mappedAction = actionMap[action] || action;
|
||||
const permission = `${mappedResource}.${mappedAction}`;
|
||||
|
||||
return hasPermission(userRole, permission);
|
||||
};
|
||||
|
||||
/**
|
||||
* Check if a user has any of the specified permissions
|
||||
* @param {string} userRole - The user's role
|
||||
@@ -222,6 +260,7 @@ module.exports = {
|
||||
PERMISSIONS,
|
||||
ROLES,
|
||||
hasPermission,
|
||||
checkPermission,
|
||||
hasAnyPermission,
|
||||
hasAllPermissions,
|
||||
getPermissions,
|
||||
|
||||
@@ -153,7 +153,7 @@ describe('Multi-Tenant Authentication Middleware', () => {
|
||||
const res = mockResponse();
|
||||
const next = mockNext();
|
||||
|
||||
await multiAuth.middleware(req, res, next);
|
||||
await multiAuth.authenticate(req, res, next);
|
||||
|
||||
expect(res.statusCode).to.equal(403);
|
||||
expect(res.data).to.deep.equal({
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
const { describe, it, beforeEach, afterEach, before, after } = require('mocha');
|
||||
const { expect } = require('chai');
|
||||
const sinon = require('sinon');
|
||||
const { checkPermission, requirePermission } = require('../../middleware/rbac');
|
||||
const { hasPermission, checkPermission, requirePermissions } = require('../../middleware/rbac');
|
||||
const { setupTestEnvironment, teardownTestEnvironment, cleanDatabase, mockRequest, mockResponse, mockNext, createTestUser, createTestTenant } = require('../setup');
|
||||
|
||||
describe('RBAC Middleware', () => {
|
||||
|
||||
Reference in New Issue
Block a user