mirror of
https://github.com/BobbyWibowo/lolisafe.git
synced 2024-12-13 16:06:21 +00:00
fcf4c00de7
Fix: non-root staffs are now able to delete files by any users (previously they could only list them).
33 lines
1013 B
JavaScript
33 lines
1013 B
JavaScript
const permissionController = {}
|
|
|
|
permissionController.permissions = {
|
|
user: 0, // upload & delete own files, create & delete albums
|
|
moderator: 50, // delete other user's files
|
|
admin: 80, // manage users (disable accounts) & create moderators
|
|
superadmin: 100 // create admins
|
|
// groups will inherit permissions from groups which have lower value
|
|
}
|
|
|
|
permissionController.is = (user, group) => {
|
|
// root bypass
|
|
if (user.username === 'root') { return true }
|
|
const permission = user.permission || 0
|
|
return permission >= permissionController.permissions[group]
|
|
}
|
|
|
|
permissionController.higher = (user, target) => {
|
|
const userPermission = user.permission || 0
|
|
const targetPermission = target.permission || 0
|
|
return userPermission > targetPermission
|
|
}
|
|
|
|
permissionController.mapPermissions = user => {
|
|
const map = {}
|
|
Object.keys(permissionController.permissions).forEach(group => {
|
|
map[group] = permissionController.is(user, group)
|
|
})
|
|
return map
|
|
}
|
|
|
|
module.exports = permissionController
|