generated from azures04/Base-REST-API
azures04
f8c1340b41
Renamed licenceRepository.js to licenseRepository.js and updated its API to use status instead of userId for licenses. Moved permission checking logic from userRepository to permissionsRepository. Added new service layers for license, permissions, and user management, implementing error handling and business logic. Removed the old register.js service and cleaned up test.js. Updated database schema to remove userId from licenses.
78 lines
1.9 KiB
JavaScript
78 lines
1.9 KiB
JavaScript
const database = require("../modules/database")
|
|
|
|
function grant(userId, productId, channel, permissionKey) {
|
|
const query = `
|
|
INSERT INTO permissions (
|
|
userId,
|
|
productId,
|
|
channel,
|
|
permissionKey
|
|
)
|
|
|
|
VALUES (
|
|
?,
|
|
?,
|
|
?,
|
|
?
|
|
)
|
|
`
|
|
const statement = database.prepare(query)
|
|
return statement.run(userId, productId, channel, permissionKey)
|
|
}
|
|
|
|
function revoke(userId, productId, channel, permissionKey) {
|
|
const query = `
|
|
DELETE FROM permissions
|
|
WHERE userId = ?
|
|
AND productId = ?
|
|
AND channel = ?
|
|
AND permissionKey = ?
|
|
`
|
|
const statement = database.prepare(query)
|
|
return statement.run(userId, productId, channel, permissionKey)
|
|
}
|
|
|
|
function findByUserAndProduct(userId, productId) {
|
|
const query = `
|
|
SELECT channel, permissionKey
|
|
FROM permissions
|
|
WHERE userId = ?
|
|
AND productId = ?
|
|
`
|
|
const statement = database.prepare(query)
|
|
return statement.all(userId, productId)
|
|
}
|
|
|
|
function revokeAllOnProduct(userId, productId) {
|
|
const query = `
|
|
DELETE FROM permissions
|
|
WHERE userId = ?
|
|
AND productId = ?
|
|
`
|
|
const statement = database.prepare(query)
|
|
return statement.run(userId, productId)
|
|
}
|
|
|
|
function hasPermission(userId, productName, channel, permission) {
|
|
const query = `
|
|
SELECT 1 FROM permissions p
|
|
JOIN products pr ON p.product_id = pr.id
|
|
WHERE p.user_id = ?
|
|
AND pr.name = ?
|
|
AND (p.channel = ? OR p.channel = '*')
|
|
AND p.permission_key = ?
|
|
`
|
|
|
|
const stmt = db.prepare(query)
|
|
const result = stmt.get(userId, productName, channel, permission)
|
|
|
|
return !!result
|
|
}
|
|
|
|
module.exports = {
|
|
grant,
|
|
revoke,
|
|
hasPermission,
|
|
revokeAllOnProduct,
|
|
findByUserAndProduct,
|
|
} |