From 6350963e77a4e4dddcf2f8e21f5b2659f6fa0f13 Mon Sep 17 00:00:00 2001 From: rainbownapkin Date: Tue, 19 Nov 2024 08:37:12 -0500 Subject: [PATCH] Fixed "anon" rank in perm checks. --- src/schemas/permissionSchema.js | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/src/schemas/permissionSchema.js b/src/schemas/permissionSchema.js index 1fc2bc9..1f40309 100644 --- a/src/schemas/permissionSchema.js +++ b/src/schemas/permissionSchema.js @@ -84,29 +84,40 @@ permissionSchema.statics.rankToNum = function(rank){ } permissionSchema.statics.permCheck = async function(user, perm){ + //Get permission list const perms = await this.getPerms(); + //Set user to anon rank if no rank was found for the given user + if(user == null || user.rank == null){ + user ={ + rank: "anon" + }; + } + + console.log(user.rank); + + //Check if this permission exists if(perms[perm] != null){ + //if so get required rank as a number requiredRank = this.rankToNum(perms[perm]) + //if so get user rank as a number userRank = user ? this.rankToNum(user.rank) : 0; + //return whether or not the user is equal to or higher than the required rank for this permission return (userRank >= requiredRank); }else{ + //if not scream and shout throw new Error(`Permission check '${perm}' not found!`); } } permissionSchema.statics.reqPermCheck = function(perm){ return async (req, res, next)=>{ - if(req.session.user){ - if(await permissionSchema.statics.permCheck(req.session.user, perm)){ - next(); - }else{ - res.status(401); - res.send({error:`You do not have a high enough rank to access this resource.`}); - } + + if(await permissionSchema.statics.permCheck(req.session.user, perm)){ + next(); }else{ res.status(401); - res.send({error:`You must login to access this resource.`}); + res.send({error:`You do not have a high enough rank to access this resource.`}); } } }