/*
Copyright (c) 2020, 2023, The Unified Company.
This code is part of Unify.
This program is free software; you can redistribute it and/or modify
it under the terms of the ESA Software Community License - Strong Copyleft LICENSE,
as published by the ESA.
See the ESA Software Community License - Strong Copyleft LICENSE, for more details.
https://unifyjs.org
*/
import unify from '../unify/unify.js';
import userPermission from '../unify/userPermission.js';
import validator from '../unify/validator.js';
/**
 * Group descriptor attached to the synthetic user that
 * permissionManager.createVisitor() builds for unauthenticated requests.
 *
 * NOTE(review): permissionManager.checkUserGroupPermission() matches groups
 * by `value`, so a permission granted to any group whose value equals 2.0
 * also matches this visitor group. Confirm that no real group shares the value.
 */
class visitor {
  constructor() {
    // Numeric group identifier compared by the group permission check.
    this.value = 2.0;
    // Display attributes; not read by the permission checks in this file.
    this.label = "Member";
    this.color = "black";
    // Routes compareObjects() to the user-group comparison.
    this.type = "userGroup";
  }
}
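/**
 * Holds the permission entries of one object and decides whether a user may
 * perform an action of a given type on it.
 *
 * Model, as implemented in this file:
 *  - allow()/deny() append userPermission entries to `permissions`.
 *  - isAllowed() grants as soon as ONE entry matches (see checkPermissions),
 *    so the list is allow-only: a deny() entry never overrides an allow().
 *  - An empty list, or no matching entry, means the request is rejected.
 */
export default class permissionManager {

  __className = "permissionManager";

  // Entries registered through allow()/deny().
  permissions = [];

  /**
   * Append an entry with policy "allow" for the given subject and action type.
   *
   * @param {object} user - subject (user, user group, collection, ...).
   * @param {*} type - action type the entry applies to.
   */
  addPermission( user, type ) {
    const currentPermission = new userPermission( user, type, "allow" );
    this.permissions.push( currentPermission );
  }

  /**
   * Grant `type` to `user`.
   *
   * @param {object|false} user - subject; falsy when nobody is signed in.
   * @param {*} type - action type.
   * @returns {false|undefined} false when `user` is falsy and nothing was added.
   */
  allow( user, type ) {
    // If the user is not signed in and the caller passes this.user as first
    // argument, user is falsy. Adding an entry for it would open the object
    // to everybody, so nothing is registered.
    if( !user ) {
      return false;
    }
    this.addPermission( user, type );
  }

  /**
   * Re-run the object's own permission() hook so that it registers a fresh
   * set of entries for the current request.
   *
   * @param {object} object - object exposing permission(), simpleClone() and
   *   a permissionManager.
   */
  callPermissionMethod( object ) {
    // The clone is taken before get() runs, so the hook receives the object
    // as it was when the check started.
    const clone = object.simpleClone();
    if( object.type == "table" && !object.updated ) {
      object.get();
    }
    // Drop entries from an earlier check before the hook adds new ones;
    // stale grants must not survive into this request.
    object.permissionManager.permissions = [];
    object.permissions = []; // this is the working one
    object.permission( clone );
  }

  /**
   * Log a debug hint when the object's permission hook registered nothing.
   *
   * @param {object} object - object that was just passed to callPermissionMethod().
   */
  noPermissionsWarning( object ) {
    if( object.permissionManager.permissions.length == 0 && object.debug ) {
      console.log("No permissions are set for this object, All request are rejected..");
    }
  }

  /**
   * Build the stand-in user for unauthenticated requests.
   *
   * @returns {object} a global.user instance with id 0, username "Visitor"
   *   and the visitor group.
   */
  createVisitor( ) {
    const table = new global.user();
    table.username.value = "Visitor";
    // comparePermission() rejects id 0, so a visitor never matches a per-user entry.
    table.id = 0;
    // NOTE(review): group entries are matched by value, so the visitor group's
    // value decides which group grants also apply to anonymous requests.
    table.groups = new visitor();
    return table;
  }

  /**
   * Decide whether `user` may perform `type` on `object`.
   *
   * @param {object|false} user - requesting user; falsy means not signed in.
   * @param {*} type - requested action type.
   * @param {object} object - target; when it has a permission() hook the hook
   *   is re-run first.
   * @returns {boolean} true only when at least one entry grants the request.
   */
  isAllowed( user, type, object ) {
    if( !user ) {
      // todo: do this in the core
      user = this.createVisitor( );
    }
    if( object.permission ) {
      // presumably `this` is object.permissionManager, so the entries the hook
      // registers are the ones inspected below - confirm against callers.
      this.callPermissionMethod( object );
      this.noPermissionsWarning( object );
    }
    const permission = new userPermission( user, type );
    // Default deny: no entries means no access.
    if( this.permissions.length == 0 ) {
      return false;
    }
    return this.checkPermissions( permission ) ? true : false;
  }

  /**
   * Test the request against every registered entry.
   *
   * @param {object} permissionB - the request (userObject + type).
   * @returns {boolean} true on the first entry that grants it.
   */
  checkPermissions( permissionB ) {
    for( const permission of this.permissions ) {
      if( this.checkPermission( permission, permissionB ) ) {
        return true;
      }
    }
    return false;
  }

  /**
   * Match a request against an entry whose subject is a collection.
   *
   * NOTE(review): the third constructor argument is the requesting user, not a
   * policy string (addPermission passes "allow" there). If the constructor
   * stores it as the policy, comparePermission() can never see "allow" and
   * this path never grants. Do not "fix" this by passing permission.policy:
   * the candidate is built from the requester itself, so every signed-in user
   * with a matching type would then pass without any membership check. The
   * disabled draft that iterated the collection's users is kept out of this
   * body; a membership lookup has to be restored before this path may grant.
   *
   * @param {object} permission - registered entry.
   * @param {object} permissionB - the request.
   * @returns {boolean}
   */
  checkCollectionPermission( permission, permissionB ) {
    const permissionA = new userPermission( permissionB.userObject, permission.type, permissionB.userObject );
    if( this.comparePermission( permissionA, permissionB ) ) {
      return true;
    }
    return false;
  }

  /**
   * Compare one row of a render collection with the request and flag the
   * validator on a match.
   *
   * The previous body read `currentUser`, `permission` and `b`, none of which
   * were declared in this method, so it could only throw. The row is now an
   * explicit fourth argument and the first argument is the registered entry.
   *
   * @param {object} permission - registered entry supplying type and policy.
   * @param {object} permissionB - the request.
   * @param {{isValid: boolean}} validator - set to valid on a match.
   * @param {object} [currentUser] - row taken from the render collection.
   */
  checkRenderObjectPermissionUser( permission, permissionB, validator, currentUser ) {
    // Rows without a truthy `value` are skipped, as in the original guard.
    // NOTE(review): confirm what `value` means on a row.
    if( !currentUser || !currentUser.value ) {
      return;
    }
    const candidate = new userPermission();
    candidate.type = permission.type;
    candidate.policy = permission.policy;
    candidate.userObject = currentUser;
    if( this.comparePermission( candidate, permissionB ) ) {
      validator.isValid = true;
    }
  }

  /**
   * Match a request against an entry whose subject is a render collection:
   * the request passes when one of the collection's rows matches it under
   * comparePermission() (same non-zero id, same type, policy "allow").
   *
   * The previous body declared a local `validator` that shadowed the imported
   * class before calling it, and passed an undeclared `permissionA`, so any
   * entry of this kind made the whole check throw.
   *
   * @param {object} permission - registered entry; userObject.rows is scanned.
   * @param {object} permissionB - the request.
   * @returns {boolean}
   */
  checkRenderobjectPermission( permission, permissionB ) {
    const users = permission.userObject.rows || [];
    const result = { isValid: false };
    for( let b = 0; b < users.length; b++ ) {
      this.checkRenderObjectPermissionUser( permission, permissionB, result, users[b] );
      if( result.isValid ) {
        return true;
      }
    }
    return false;
  }

  /**
   * Match a request against an entry whose subject is a user group.
   *
   * @param {object} permission - registered entry; userObject is the group.
   * @param {object} permissionB - the request; userObject is the user.
   * @returns {boolean} true when the user's group value equals the entry's
   *   group value, the types are equal and the entry's policy is "allow".
   */
  checkUserGroupPermission( permission, permissionB ) {
    const user = permissionB.userObject;
    const userGroup = permission.userObject;
    if( !user || !user.groups ) {
      return false;
    }
    // Loose comparison kept on purpose: the values may arrive as numbers or strings.
    if( user.groups.value != userGroup.value ) {
      return false;
    }
    if( permissionB.type != permission.type ) {
      return false;
    }
    // Only "allow" entries grant. Without this check an entry registered with
    // deny() for a group was treated as a grant, because this path never
    // looked at the policy (comparePermission() already does).
    if( permission.policy != "allow" ) {
      return false;
    }
    return true;
  }

  /**
   * Invalidate when the entry has no subject.
   *
   * @param {*} userObject - subject of the entry.
   * @param {{isValid: boolean}} validator
   */
  isDefined( userObject, validator ) {
    if( !userObject ) {
      validator.isValid = false;
    }
  }

  /**
   * Invalidate when the subject is still the literal "userplaceholder".
   *
   * @param {*} userObject - subject of the entry.
   * @param {{isValid: boolean}} validator
   */
  isUserPlaceholder( userObject, validator ) {
    if( userObject == "userplaceholder" ) {
      validator.isValid = false;
    }
  }

  /**
   * Handle a request that carries no user: it stays valid only when the entry
   * is addressed to a visitor.
   *
   * NOTE(review): the visitor class in this file declares no __className
   * field; confirm where that property is set.
   *
   * @param {object} permission - registered entry.
   * @param {object} permissionB - the request.
   * @param {{isValid: boolean}} validator
   */
  validateVisitor( permission, permissionB, validator ) {
    if( permissionB.userObject ) {
      return;
    }
    validator.isValid = permission.userObject.__className == "visitor";
  }

  /** Flag the validator when the per-user comparison grants the request. */
  compareUser( permission, permissionB, validator ) {
    if( this.comparePermission( permission, permissionB ) ) {
      validator.isValid = true;
    }
  }

  /** Flag the validator when the collection comparison grants the request. */
  compareCollection( permission, permissionB, validator ) {
    if( this.checkCollectionPermission( permission, permissionB ) ) {
      validator.isValid = true;
    }
  }

  /** Flag the validator when the render-collection comparison grants the request. */
  compareRenderCollection( permission, permissionB, validator ) {
    if( this.checkRenderobjectPermission( permission, permissionB ) ) {
      validator.isValid = true;
    }
  }

  /** Flag the validator when the user-group comparison grants the request. */
  compareUserGroup( permission, permissionB, validator ) {
    if( this.checkUserGroupPermission( permission, permissionB ) ) {
      validator.isValid = true;
    }
  }

  /**
   * Run the sanity checks on an entry's subject.
   *
   * @param {*} userObject - subject of the entry.
   * @param {{isValid: boolean}} validator
   */
  validateObjects( userObject, validator ) {
    this.isDefined( userObject, validator );
    this.isUserPlaceholder( userObject, validator );
  }

  /**
   * Dispatch to the comparison that fits the kind of subject.
   *
   * @param {object} userObject - subject of the entry; must offer getClassName().
   * @param {object} permission - registered entry.
   * @param {object} permissionB - the request.
   * @param {{isValid: boolean}} validator - only ever switched to valid here.
   * @returns {{isValid: boolean}} the same validator.
   */
  compareObjects( userObject, permission, permissionB, validator ) {
    switch( userObject.getClassName() ) {
      case "user":
      case "userObject":
        this.compareUser( permission, permissionB, validator );
        break;
      case "collection":
        this.compareCollection( permission, permissionB, validator );
        break;
      default:
        // The three tests are independent; a subject may satisfy several.
        if( userObject.type == "renderCollection" ) {
          this.compareRenderCollection( permission, permissionB, validator );
        }
        if( userObject.type == "userGroup" ) {
          this.compareUserGroup( permission, permissionB, validator );
        }
        if( userObject.isUser ) {
          this.compareUser( permission, permissionB, validator );
        }
    }
    return validator;
  }

  /**
   * Decide whether one registered entry grants the request.
   *
   * @param {object} permission - registered entry.
   * @param {object} permissionB - the request.
   * @returns {boolean}
   */
  checkPermission( permission, permissionB ) {
    const userObject = permission.userObject;
    const validator = { isValid: true };
    // Phase 1: sanity checks may only veto.
    this.validateObjects( userObject, validator );
    this.validateVisitor( permission, permissionB, validator );
    if( !validator.isValid ) {
      return false;
    }
    // Phase 2: start from "denied"; a comparison has to grant explicitly.
    validator.isValid = false;
    unify.extend( userObject );
    this.compareObjects( userObject, permission, permissionB, validator );
    return validator.isValid;
  }

  /**
   * Per-user comparison: the entry grants the request only when both refer to
   * the same real user, the types are equal and the policy is "allow".
   *
   * @param {object} permissionA - candidate entry (userObject, type, policy).
   * @param {object} permissionB - the request (userObject, type).
   * @returns {boolean}
   */
  comparePermission( permissionA, permissionB ) {
    const grantedUser = permissionA.userObject;
    const requestingUser = permissionB.userObject;
    if( !grantedUser || !requestingUser ) {
      return false;
    }
    // id 0 is the visitor. A missing id is rejected as well: two objects that
    // both lack an id would otherwise compare as the same user.
    if( grantedUser.id == null || grantedUser.id == 0 ) {
      return false;
    }
    // Loose comparison kept on purpose: ids may arrive as numbers or strings.
    if( grantedUser.id != requestingUser.id ) {
      return false;
    }
    if( permissionA.type != permissionB.type ) {
      return false;
    }
    if( permissionA.policy != "allow" ) {
      return false;
    }
    return true;
  }

  /**
   * Register an entry for `user` and `type` without an explicit policy.
   *
   * NOTE(review): the entry only fails to grant if userPermission does not
   * default its policy to "allow" - confirm. It also cannot revoke anything:
   * checkPermissions() returns on the first granting entry, so an allow() for
   * the same subject still wins.
   *
   * @param {object} user - subject.
   * @param {*} type - action type.
   */
  deny( user, type ) {
    const currentPermission = new userPermission( user, type );
    this.permissions.push( currentPermission );
  }

}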