refactor(core): Setup decorator based RBAC (no-changelog) (#5787)

2023-04-24 09:45:31 +00:00
parent feb2ba09b9
commit 1eeadc6114
23 changed files with 133 additions and 165 deletions
--- a/packages/cli/src/controllers/nodes.controller.ts
+++ b/packages/cli/src/controllers/nodes.controller.ts
@@ -4,7 +4,7 @@ import {
 	STARTER_TEMPLATE_NAME,
 	UNKNOWN_FAILURE_REASON,
 } from '@/constants';
-import { Delete, Get, Middleware, Patch, Post, RestController } from '@/decorators';
+import { Authorized, Delete, Get, Middleware, Patch, Post, RestController } from '@/decorators';
 import { NodeRequest } from '@/requests';
 import { BadRequestError, InternalServerError } from '@/ResponseHelper';
 import {
@@ -30,10 +30,10 @@ import { LoadNodesAndCredentials } from '@/LoadNodesAndCredentials';
 import { InternalHooks } from '@/InternalHooks';
 import { Push } from '@/push';
 import { Config } from '@/config';
-import { isAuthenticatedRequest } from '@/UserManagement/UserManagementHelper';

 const { PACKAGE_NOT_INSTALLED, PACKAGE_NAME_NOT_PROVIDED } = RESPONSE_ERROR_MESSAGES;

+@Authorized(['global', 'owner'])
@RestController('/nodes')
 export class NodesController {
 	constructor(
@@ -43,14 +43,6 @@ export class NodesController {
 		private internalHooks: InternalHooks,
 	) {}

-	// TODO: move this into a new decorator `@Authorized`
-	@Middleware()
-	checkIfOwner(req: Request, res: Response, next: NextFunction) {
-		if (!isAuthenticatedRequest(req) || req.user.globalRole.name !== 'owner')
-			res.status(403).json({ status: 'error', message: 'Unauthorized' });
-		else next();
-	}
-
 	// TODO: move this into a new decorator `@IfConfig('executions.mode', 'queue')`
 	@Middleware()
 	checkIfCommunityNodesEnabled(req: Request, res: Response, next: NextFunction) {