feat: add resource privilege check module

eliias · eliias · commit 19402cb3d611 · 2015-10-04T23:46:31.000+02:00
diff --git a/src/resource.js b/src/resource.js
@@ -0,0 +1,50 @@
+import {
+  PRIV_READ,
+  WILDCARD,
+  ALLOW,
+  DENY
+} from './constants'
+
+export default function(acl, role, privilege = PRIV_READ) {
+  const {resource} = acl
+
+  if (!resource) {
+    return false
+  }
+
+  if (!resource[ALLOW]) {
+    return false
+  }
+
+  let isAllowed = false
+
+  // wildcard allow
+  if (resource[ALLOW] && resource[ALLOW][WILDCARD]) {
+    if (resource[ALLOW][WILDCARD].includes(privilege)) {
+      isAllowed = true
+    }
+  }
+
+  // allow
+  if (resource[ALLOW] && resource[ALLOW][role.name]) {
+    if (resource[ALLOW][role.name].includes(privilege)) {
+      isAllowed = true
+    }
+  }
+
+  // wildcard deny
+  if (resource[DENY] && resource[DENY][WILDCARD]) {
+    if (resource[DENY][WILDCARD].includes(privilege)) {
+      isAllowed = false
+    }
+  }
+
+  // deny
+  if (resource[DENY] && resource[DENY][role.name]) {
+    if (resource[DENY][role.name].includes(privilege)) {
+      isAllowed = false
+    }
+  }
+
+  return isAllowed
+}
