// CommonJS module output (the `__esModule` flag and comma-operator calls below look like a TypeScript emit);
// strict mode makes the unbound `defineAbilityFor` call receive `this === undefined`.
"use strict";
// Mark the module as ES-module interop so `import { requirePermission }` consumers resolve named exports.
Object.defineProperty(exports, "__esModule", { value: true });
// Export the middleware factory; the assignment precedes its `function` line but works because
// function declarations are hoisted.
exports.requirePermission = requirePermission;
// CASL ability factory; only `defineAbilityFor(role)` is used by the middleware below.
const AbilityFactory_1 = require("../../infrastructure/casl/AbilityFactory");
/**
 * Build an Express middleware that enforces a CASL permission check for one
 * (action, subject) pair.
 *
 * @param {string} action - CASL action the caller must be allowed to perform.
 * @param {string} subject - CASL subject the action is checked against.
 * @returns {function(object, object, function): void} middleware that answers
 *   401 when `req.user` is missing, 403 when the user's ability denies
 *   `action` on `subject`, and otherwise hands off to `next()`.
 */
function requirePermission(action, subject) {
    /**
     * Per-request authorization check; ends the response itself on denial so
     * downstream handlers never run for unauthorized callers.
     */
    return function rbacMiddleware(req, res, next) {
        const { user } = req;
        // Authentication upstream is expected to populate req.user; without it
        // there is nothing to authorize against, so answer 401 (not 403).
        if (!user) {
            res.status(401).json({ error: 'Unauthorized' });
            return;
        }
        // Called unbound (this === undefined), matching the module's original call form.
        // NOTE(review): user.role may be undefined if the authenticator did not set it;
        // what defineAbilityFor returns for that case is not visible here — confirm it
        // yields a deny-by-default ability rather than a permissive one.
        const { defineAbilityFor } = AbilityFactory_1;
        const ability = defineAbilityFor(user.role);
        const allowed = ability.can(action, subject);
        if (allowed) {
            next();
            return;
        }
        // action/subject come from the route definition, not from the request,
        // so interpolating them into the message does not reflect caller input.
        res.status(403).json({
            error: 'Forbidden',
            message: `You do not have permission to ${action} ${subject}`,
        });
    };
}