From 37ea3d1a3671ae11518ad4c344398279f1c6313e Mon Sep 17 00:00:00 2001 From: Thiago Delgado Date: Thu, 22 Jul 2021 12:24:43 -0300 Subject: [PATCH] Use an object to describe permission instead of strings --- keycloak.d.ts | 18 +++++++++++++----- middleware/enforcer.js | 22 +++++++++++++++++----- 2 files changed, 30 insertions(+), 10 deletions(-) diff --git a/keycloak.d.ts b/keycloak.d.ts index 0cf6e6be..23e455d0 100644 --- a/keycloak.d.ts +++ b/keycloak.d.ts @@ -41,10 +41,15 @@ declare namespace KeycloakConnect { } interface Token { - isExpired(): boolean - hasRole(roleName: string): boolean - hasApplicationRole(appName: string, roleName: string): boolean - hasRealmRole(roleName: string): boolean + isExpired(): boolean; + hasRole(roleName: string): boolean; + hasApplicationRole(appName: string, roleName: string): boolean; + hasRealmRole(roleName: string): boolean; + } + + interface Permission { + resource: string; + scope?: string; } interface GrantManager { @@ -344,7 +349,10 @@ declare namespace KeycloakConnect { * * @param {string[]} permissions A single string representing a permission or an arrat of strings representing the permissions. For instance, 'item:read' or ['item:read', 'item:write']. */ - enforcer(permissions: string[]|string, config?: EnforcerOptions): express.RequestHandler + enforcer( + permissions: Permission[] | string | string[] | string[][], + config?: EnforcerOptions + ): express.RequestHandler; /** * Apply check SSO middleware to an application or specific URL. diff --git a/middleware/enforcer.js b/middleware/enforcer.js index 7be2ee54..0b8239c0 100644 --- a/middleware/enforcer.js +++ b/middleware/enforcer.js @@ -17,12 +17,24 @@ function handlePermissions (permissions, callback) { for (let i = 0; i < permissions.length; i++) { - const expected = permissions[i].split(':'); - const resource = expected[0]; + const permission = permissions[i]; + + let resource; let scope; - - if (expected.length > 1) { - scope = expected[1]; + if (typeof permission === 'string') { + const parts = permission.split(':'); + resource = parts[0]; + if (parts.length > 1) { + scope = parts[1]; + } + } else if (Array.isArray(permission)) { + resource = permission[0]; + if (permission.length > 1) { + scope = permission[1]; + } + } else if (typeof permission === 'object') { + resource = permission.resource; + scope = permission.scope || undefined; } let r = callback(resource, scope);