refactor: Assert permission as default to authorize event

backend/src/modules/DataModule/ModelUpdatedEvent.ts

@@ -1,5 +1,25 @@
+import { HydratedDocument } from "mongoose";
 import DataModuleEvent from "./DataModuleEvent";
+import { UserSchema } from "./models/users/schema";
+import { GetPermissionsResult } from "./models/users/jobs/GetPermissions";
+import GetModelPermissions from "./models/users/jobs/GetModelPermissions";
 
 export default abstract class ModelUpdatedEvent extends DataModuleEvent {
 	protected static _name = "updated";
+
+	public static async hasPermission(
+		user: HydratedDocument<UserSchema> | null,
+		scope?: string
+	) {
+		const permissions = (await new GetModelPermissions({
+			_id: user?._id,
+			modelName: this.getModelName(),
+			modelId: scope
+		}).execute()) as GetPermissionsResult;
+
+		return !!(
+			permissions[`event:${this.getKey(scope)}`] ||
+			permissions[`event:${this.getPath()}:*`]
+		);
+	}
 }

backend/src/modules/EventsModule/Event.ts

@@ -1,5 +1,7 @@
 import { HydratedDocument } from "mongoose";
 import { UserSchema } from "@models/users/schema";
+import { GetPermissionsResult } from "../DataModule/models/users/jobs/GetPermissions";
+import DataModule from "../DataModule";
 
 export default abstract class Event {
 	protected static _namespace: string;
@@ -8,11 +10,6 @@ export default abstract class Event {
 
 	protected static _type: "event" | "schedule" = "event";
 
-	protected static _hasPermission:
-		| boolean
-		| CallableFunction
-		| (boolean | CallableFunction)[] = false;
-
 	protected _data: any;
 
 	protected _scope?: string;
@@ -59,19 +56,16 @@ export default abstract class Event {
 		user: HydratedDocument<UserSchema> | null,
 		scope?: string
 	) {
-		const options = Array.isArray(this._hasPermission)
-			? this._hasPermission
-			: [this._hasPermission];
-
-		return options.reduce(async (previous, option) => {
-			if (await previous) return true;
-
-			if (typeof option === "boolean") return option;
+		const GetPermissions = DataModule.getJob("users.getPermissions");
 
-			if (typeof option === "function") return option(user, scope);
+		const permissions = (await new GetPermissions({
+			_id: user?._id
+		}).execute()) as GetPermissionsResult;
 
-			return false;
-		}, Promise.resolve(false));
+		return !!(
+			permissions[`event:${this.getKey(scope)}`] ||
+			permissions[`event:${this.getPath()}:*`]
+		);
 	}
 
 	public static makeMessage(data: any) {

backend/src/modules/EventsModule/jobs/Subscribe.ts

@@ -2,9 +2,6 @@ import Job, { JobOptions } from "@/Job";
 import EventsModule from "@/modules/EventsModule";
 import Event from "../Event";
 
-const channelRegex =
-	/^(?<moduleName>[a-z]+)\.(?<modelName>[A-z]+)\.(?<event>[A-z]+):?(?<modelId>[A-z0-9]+)?$/;
-
 export default class Subscribe extends Job {
 	protected static _hasPermission = true;
 
@@ -27,10 +24,13 @@ export default class Subscribe extends Job {
 
 		const EventClass = EventsModule.getEvent(path);
 
-		await EventClass.hasPermission(
+		const hasPermission = await EventClass.hasPermission(
 			await this._context.getUser().catch(() => null),
 			scope
 		);
+
+		if (!hasPermission)
+			throw new Error(`Insufficient permissions for event ${channel}`);
 	}
 
 	protected async _execute() {

backend/src/modules/EventsModule/jobs/SubscribeMany.ts

@@ -3,9 +3,6 @@ import Job, { JobOptions } from "@/Job";
 import EventsModule from "@/modules/EventsModule";
 import Event from "../Event";
 
-const channelRegex =
-	/^(?<moduleName>[a-z]+)\.(?<modelName>[A-z]+)\.(?<event>[A-z]+):?(?<modelId>[A-z0-9]+)?$/;
-
 export default class SubscribeMany extends Job {
 	protected static _hasPermission = true;
 
@@ -32,10 +29,15 @@ export default class SubscribeMany extends Job {
 
 			const EventClass = EventsModule.getEvent(path);
 
-			await EventClass.hasPermission(
+			const hasPermission = await EventClass.hasPermission(
 				await this._context.getUser().catch(() => null),
 				scope
 			);
+
+			if (!hasPermission)
+				throw new Error(
+					`Insufficient permissions for event ${channel}`
+				);
 		});
 	}