sunrise-cms/handlers/permissions.js

import * as configFunctions from '../helpers/functions.config.js';
import * as userFunctions from '../helpers/functions.user.js';
const urlPrefix = configFunctions.getConfigProperty('reverseProxy.urlPrefix');
const forbiddenStatus = 403;
const forbiddenJSON = {
    success: false,
    message: 'Forbidden'
};
const forbiddenRedirectURL = `${urlPrefix}/dashboard/?error=accessDenied`;
export function adminGetHandler(request, response, next) {
    if (userFunctions.userIsAdmin(request)) {
        next();
        return;
    }
    response.redirect(forbiddenRedirectURL);
}
export function adminPostHandler(request, response, next) {
    if (userFunctions.userIsAdmin(request)) {
        next();
        return;
    }
    response.status(forbiddenStatus).json(forbiddenJSON);
}
export function updateGetHandler(request, response, next) {
    if (userFunctions.userCanUpdate(request)) {
        next();
        return;
    }
    response.redirect(forbiddenRedirectURL);
}
export function updatePostHandler(request, response, next) {
    if (userFunctions.userCanUpdate(request)) {
        next();
        return;
    }
    response.status(forbiddenStatus).json(forbiddenJSON);
}
export async function apiGetHandler(request, response, next) {
    if (await userFunctions.apiKeyIsValid(request)) {
        next();
    }
    else {
        response.redirect(`${urlPrefix}/login`);
    }
}