Verso/services/web/app/src/Features/Helpers/AdminAuthorizationHelper.mjs
Andrew Rumble 07c827e9fd Merge pull request #29928 from overleaf/ar-last-infrastructure-conversions
[web] last infrastructure conversions

GitOrigin-RevId: ad1aff9b7df0610ed0303157d9e2c8032f32c02b
2025-11-28 09:05:56 +00:00


import Settings from '@overleaf/settings'
import Modules from '../../infrastructure/Modules.mjs'
import { expressify } from '@overleaf/promise-utils'
import SessionManager from '../Authentication/SessionManager.mjs'
import logger from '@overleaf/logger'
// Public surface of the admin-authorization helper: two user-level checks
// (hasAdminAccess, canRedirectToAdminDomain), the capability lookup, a
// per-request capability predicate factory, and two Express-style middlewares.
export default {
hasAdminAccess,
hasAdminCapability,
canRedirectToAdminDomain,
getAdminCapabilities,
useHasAdminCapability,
// useAdminCapabilities is async, so it is exported wrapped by expressify.
// NOTE(review): expressify presumably forwards a rejected promise to
// next(err) - confirm against @overleaf/promise-utils.
useAdminCapabilities: expressify(useAdminCapabilities),
}
/**
 * Decide whether a user may act as an admin on this deployment.
 *
 * Both conditions must hold: the deployment has
 * `Settings.adminPrivilegeAvailable` switched on, and the user object carries
 * a truthy `isAdmin` flag. A missing user is never an admin.
 *
 * @param {object|null|undefined} user - user record, e.g. the session user
 * @returns {boolean} true only when admin privilege is available here and the
 *   user is flagged as admin
 */
function hasAdminAccess(user) {
  const adminAllowedHere = Boolean(Settings.adminPrivilegeAvailable)
  return adminAllowedHere && Boolean(user) && Boolean(user.isAdmin)
}
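/**
 * Build a per-request predicate that answers "does the session user hold this
 * admin capability?".
 *
 * The returned function always yields a strict boolean and denies unless every
 * check passes:
 *  1. when `requireAdminRoles` is true, `Settings.adminRolesEnabled` must be on;
 *  2. the session user must pass `hasAdminAccess`;
 *  3. if capabilities were resolved for the request
 *     (`req.adminCapabilitiesAvailable`), `req.adminCapabilities` must be an
 *     array containing `capability`.
 *
 * @param {string} capability - capability name to look for
 * @param {boolean} [requireAdminRoles=true] - when true, the check fails
 *   outright if `Settings.adminRolesEnabled` is off
 * @returns {(req: object) => boolean} predicate evaluated against a request
 */
function hasAdminCapability(capability, requireAdminRoles = true) {
  return req => {
    if (requireAdminRoles && !Settings.adminRolesEnabled) {
      return false
    }
    if (!hasAdminAccess(SessionManager.getSessionUser(req.session))) {
      return false
    }
    const { adminCapabilitiesAvailable, adminCapabilities } = req
    if (!adminCapabilitiesAvailable) {
      // We can't know which capabilities are possible, so we assume all are
      // available for admins.
      // NOTE(review): this branch is also taken when
      // req.adminCapabilitiesAvailable was never set on the request, so an
      // admin is granted every capability on any route where
      // useAdminCapabilities did not run first - confirm each caller mounts it.
      return true
    }
    // Fail closed on anything that is not a real list: a missing value used to
    // leak `undefined` to callers, and a string would have been matched by
    // substring instead of by exact capability name.
    return (
      Array.isArray(adminCapabilities) && adminCapabilities.includes(capability)
    )
  }
}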
/**
 * Collect the admin capabilities of a user from the `getAdminCapabilities`
 * module hook.
 *
 * The hook results are flattened by one level and de-duplicated.
 * `adminCapabilitiesAvailable` reports whether the hook produced any result at
 * all (an empty result array means no capability information is available),
 * not whether the user holds any capability.
 *
 * @param {object} user - user passed through to the hook
 * @returns {Promise<{adminCapabilities: Array, adminCapabilitiesAvailable: boolean}>}
 */
async function getAdminCapabilities(user) {
  const hookResults = await Modules.promises.hooks.fire(
    'getAdminCapabilities',
    user
  )
  const uniqueCapabilities = new Set(hookResults.flat())
  const anyHookResult = hookResults.length > 0
  return {
    adminCapabilities: Array.from(uniqueCapabilities),
    adminCapabilitiesAvailable: anyHookResult,
  }
}
/**
 * Middleware that resolves the session user's admin capabilities once per
 * request and stores them on `req.adminCapabilities` /
 * `req.adminCapabilitiesAvailable`.
 *
 * - Already populated requests are passed through untouched.
 * - Users without admin access get an empty capability list.
 * - If the lookup throws, the request is left with an empty list and
 *   `adminCapabilitiesAvailable = true`.
 *
 * @param {object} req - request; `req.session` is read, capability fields are written
 * @param {object} res - response (unused)
 * @param {Function} next - continuation, always called without an error
 */
async function useAdminCapabilities(req, res, next) {
  if (req.adminCapabilities) {
    return next()
  }

  const sessionUser = SessionManager.getSessionUser(req.session)
  if (!hasAdminAccess(sessionUser)) {
    req.adminCapabilities = []
    return next()
  }

  try {
    const resolved = await getAdminCapabilities(sessionUser)
    req.adminCapabilities = resolved.adminCapabilities
    req.adminCapabilitiesAvailable = resolved.adminCapabilitiesAvailable
  } catch (err) {
    logger.warn({ err, req }, 'Failed to get admin capabilities')
    // A throwing lookup suggests a capability provider exists, so treat
    // capabilities as available but grant none: hasAdminCapability then denies
    // every check instead of taking its "all capabilities" fallback.
    req.adminCapabilities = []
    req.adminCapabilitiesAvailable = true
  }
  next()
}
/**
 * Middleware that exposes a request-bound capability check to views as
 * `res.locals.hasAdminCapability(capability, requireAdminRoles = true)`.
 *
 * The helper delegates to `hasAdminCapability` and evaluates it against the
 * current request at call time, so it sees whatever capability fields are on
 * `req` when the view invokes it.
 *
 * @param {object} req - request the exposed helper is bound to
 * @param {object} res - response; `res.locals.hasAdminCapability` is written
 * @param {Function} next - continuation
 */
function useHasAdminCapability(req, res, next) {
  const checkForThisRequest = (capability, requireAdminRoles = true) => {
    const predicate = hasAdminCapability(capability, requireAdminRoles)
    return predicate(req)
  }
  res.locals.hasAdminCapability = checkForThisRequest
  next()
}
/**
 * Decide whether a user is eligible to be sent to the separate admin domain.
 *
 * This is the counterpart of `hasAdminAccess`: it is true only when admin
 * privilege is NOT available on this deployment
 * (`Settings.adminPrivilegeAvailable` falsy), an admin URL is configured
 * (`Settings.adminUrl`), and the user carries a truthy `isAdmin` flag. The
 * function only returns the decision; it performs no redirect itself.
 *
 * @param {object|null|undefined} user - user record to evaluate
 * @returns {boolean}
 */
function canRedirectToAdminDomain(user) {
  const adminDomainConfigured =
    !Settings.adminPrivilegeAvailable && Boolean(Settings.adminUrl)
  return adminDomainConfigured && Boolean(user) && Boolean(user.isAdmin)
}