filesafe/controllers/permissionController.js

const permissionController = {}

permissionController.permissions = {
  user: 0, // upload & delete own files, create & delete albums
  moderator: 50, // delete other user's files
  admin: 80, // manage users (disable accounts) & create moderators
  superadmin: 100 // create admins
  // groups will inherit permissions from groups which have lower value
}

permissionController.is = (user, group) => {
  // root bypass
  if (user.username === 'root') return true
  const permission = user.permission || 0
  return permission >= permissionController.permissions[group]
}

permissionController.higher = (user, target) => {
  const userPermission = user.permission || 0
  const targetPermission = target.permission || 0
  return userPermission > targetPermission
}

permissionController.mapPermissions = user => {
  const map = {}
  Object.keys(permissionController.permissions).forEach(group => {
    map[group] = permissionController.is(user, group)
  })
  return map
}

module.exports = permissionController
Moved permission-related functions to permissionController Fix: non-root staffs are now able to delete files by any users (previously they could only list them). 2018-10-13 11:06:58 +00:00			`const permissionController = {}`

			`permissionController.permissions = {`
			`user: 0, // upload & delete own files, create & delete albums`
			`moderator: 50, // delete other user's files`
			`admin: 80, // manage users (disable accounts) & create moderators`
			`superadmin: 100 // create admins`
			`// groups will inherit permissions from groups which have lower value`
			`}`

			`permissionController.is = (user, group) => {`
			`// root bypass`
Updated ESLint rule: curly No more enforced curly for if/else/for/while/do blocks w/ one statement. With that said, auto-fixed all JS files to follow the rule. I'd also like to apologize for the inconveniences this commit cause, after all it was me who intentionally enforced curly rule back then. Why the change of heart? After doing some more non-JS codes recently, I realized it was pretty stupid of me to enforce that. 2018-12-18 17:01:28 +00:00			`if (user.username === 'root') return true`
Moved permission-related functions to permissionController Fix: non-root staffs are now able to delete files by any users (previously they could only list them). 2018-10-13 11:06:58 +00:00			`const permission = user.permission \|\| 0`
			`return permission >= permissionController.permissions[group]`
			`}`

			`permissionController.higher = (user, target) => {`
			`const userPermission = user.permission \|\| 0`
			`const targetPermission = target.permission \|\| 0`
			`return userPermission > targetPermission`
			`}`

			`permissionController.mapPermissions = user => {`
			`const map = {}`
			`Object.keys(permissionController.permissions).forEach(group => {`
			`map[group] = permissionController.is(user, group)`
			`})`
			`return map`
			`}`

			`module.exports = permissionController`