// FILE: src/middleware/permissions.js
// Permission calculation and enrichment middleware
// - Computes effective permissions for a user based on their roles
// - Attaches permissions to req.user.permissions
import { Role, Permission, UserRole, RolePermission } from "../db/sequelize.js";
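/**
 * Resolve the effective permission names (string[]) for a user.
 *
 * Walks user -> roles -> role_permissions -> permissions and returns the
 * distinct permission names found at the end of that chain.
 *
 * @param {*} user_id - Identifier of the user whose roles are looked up.
 * @returns {Promise<string[]>} Distinct permission names. Empty when the id is
 *   missing, the user has no roles, or the roles grant no permissions.
 */
export async function computeEffectivePermissions(user_id) {
  // Fail closed on a missing id instead of handing a nullish filter value to
  // the ORM: an authorization lookup should never run with an absent subject.
  // NOTE(review): how a nullish `where` value is treated (rejected, matched as
  // NULL, or dropped from the filter) depends on the ORM version; confirm.
  if (user_id == null) return [];

  // Roles assigned to the user.
  const userRoles = await UserRole.findAll({ where: { user_id } });
  const roleIds = userRoles.map((row) => row.role_id);
  if (roleIds.length === 0) return [];

  // Permission ids reachable through role_permissions, de-duplicated because
  // several roles can grant the same permission.
  const rolePermissions = await RolePermission.findAll({
    where: { role_id: roleIds },
  });
  const permissionIds = [
    ...new Set(rolePermissions.map((row) => row.permission_id)),
  ];
  if (permissionIds.length === 0) return [];

  // Translate ids into names; the Set collapses any repeated names.
  const permissions = await Permission.findAll({
    where: { permission_id: permissionIds },
  });
  return [...new Set(permissions.map((row) => row.permission_name))];
}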
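/**
 * Middleware factory: fills in req.user.permissions for the current request.
 *
 * The returned handler looks up the effective permissions of req.user.user_id
 * and stores them on req.user.permissions. If the lookup throws, the request
 * continues with an empty permission list (fail closed) and the error is
 * logged, so the failure stays visible to operators.
 *
 * @returns {(req: object, _res: object, next: Function) => Promise<void>}
 *   Async middleware that always calls next() without an error argument.
 */
export function enrichPermissions() {
  return async (req, _res, next) => {
    // Nothing to enrich without an identified user.
    // NOTE(review): on this path any permissions already present on req.user
    // are left untouched; confirm upstream auth never copies them from
    // client-supplied data.
    if (!req.user?.user_id) return next();

    try {
      req.user.permissions = await computeEffectivePermissions(
        req.user.user_id,
      );
    } catch (err) {
      // Fail closed: a failed lookup must not leave stale or unset permissions.
      req.user.permissions = [];
      // Log the failure so a datastore outage is not silently mistaken for
      // "this user has no permissions".
      console.error(
        "enrichPermissions: permission lookup failed; continuing with no permissions",
        err,
      );
    }
    next();
  };
}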