tracker/api-js/src/auth/check-user-is-admin-for-user.js at fix-client-python-req · LearningAzure2020/tracker · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
import { t } from '@lingui/macro'

export const checkUserIsAdminForUser =
  ({ i18n, userKey, query }) =>
  async ({ userName }) => {
    const requestingUserId = `users/${userKey}`
    let cursor

    try {
      cursor = await query`
      WITH affiliations, organizations, users
      FOR v, e IN 1 INBOUND ${requestingUserId} affiliations
        FILTER e.permission == "super_admin"
        RETURN e.permission
    `
    } catch (err) {
      console.error(
        `Database error when checking to see if user: ${userKey} has super admin permission for user: ${userName}, error: ${err}`,
      )
      throw new Error(i18n._(t`Permission error, not an admin for this user.`))
    }

    let permission
    try {
      permission = await cursor.next()
    } catch (err) {
      console.error(
        `Cursor error when checking to see if user: ${userKey} has super admin permission for user: ${userName}, error: ${err}`,
      )
      throw new Error(i18n._(t`Permission error, not an admin for this user.`))
    }

    if (permission === 'super_admin') {
      return true
    } else {
      try {
        cursor = await query`
        WITH affiliations, organizations, users
        LET requestingUserOrgKeys = (
          FOR v, e IN 1 INBOUND ${requestingUserId} affiliations
            FILTER e.permission == "admin"
            RETURN v._key
        )

        LET requestedUser = (
          FOR user IN users
            FILTER user.userName == ${userName}
            RETURN user
        )

        LET requestedUserOrgKeys = (
          FOR v, e IN 1 INBOUND requestedUser[0]._id affiliations
            RETURN v._key
        )

        RETURN (LENGTH(INTERSECTION(requestingUserOrgKeys, requestedUserOrgKeys)) > 0 ? true : false)
      `
      } catch (err) {
        console.error(
          `Database error when checking to see if user: ${userKey} has admin permission for user: ${userName}, error: ${err}`,
        )
        throw new Error(
          i18n._(t`Permission error, not an admin for this user.`),
        )
      }

      let isAdmin
      try {
        isAdmin = await cursor.next()
      } catch (err) {
        console.error(
          `Cursor error when checking to see if user: ${userKey} has admin permission for user: ${userName}, error: ${err}`,
        )
        throw new Error(
          i18n._(t`Permission error, not an admin for this user.`),
        )
      }

      return isAdmin
    }
  }