Browse Source

refactor: Assert findById permission in base model updated and deleted events

Owen Diffey 9 months ago
parent
commit
fd49495beb

+ 18 - 0
backend/src/modules/DataModule/ModelDeletedEvent.ts

@@ -1,5 +1,23 @@
+import { HydratedDocument } from "mongoose";
 import DataModuleEvent from "./DataModuleEvent";
+import { UserSchema } from "@models/users/schema";
+import GetModelPermissions, { GetModelPermissionsResult } from "@models/users/jobs/GetModelPermissions";
 
 export default abstract class ModelDeletedEvent extends DataModuleEvent {
 	protected static _name = "deleted";
+
+	public static async hasPermission(
+		user: HydratedDocument<UserSchema> | null,
+		scope?: string
+	) {
+		const permissions = (await new GetModelPermissions({
+			_id: user?._id,
+			modelName: this.getModelName(),
+			modelId: scope
+		}).execute()) as GetModelPermissionsResult;
+
+		return !!(
+			permissions[`data.${this.getModelName()}.findById`]
+		);
+	}
 }

+ 18 - 0
backend/src/modules/DataModule/ModelUpdatedEvent.ts

@@ -1,5 +1,23 @@
+import { HydratedDocument } from "mongoose";
 import DataModuleEvent from "./DataModuleEvent";
+import { UserSchema } from "@models/users/schema";
+import GetModelPermissions, { GetModelPermissionsResult } from "@models/users/jobs/GetModelPermissions";
 
 export default abstract class ModelUpdatedEvent extends DataModuleEvent {
 	protected static _name = "updated";
+
+	public static async hasPermission(
+		user: HydratedDocument<UserSchema> | null,
+		scope?: string
+	) {
+		const permissions = (await new GetModelPermissions({
+			_id: user?._id,
+			modelName: this.getModelName(),
+			modelId: scope
+		}).execute()) as GetModelPermissionsResult;
+
+		return !!(
+			permissions[`data.${this.getModelName()}.findById`]
+		);
+	}
 }