From 72985c5a86401b5310ca39124d7a623b11b0cfdf Mon Sep 17 00:00:00 2001
From: Kristoffer Walker
Date: Thu, 27 Oct 2016 06:42:36 -0400
Subject: [PATCH] New IdentityViewerController new file: lib/services/identity/controllers/identity-viewer-controller.js
---
.../controllers/identity-viewer-controller.js | 62 +++++++++++++++++++
1 file changed, 62 insertions(+)
create mode 100644 lib/services/identity/controllers/identity-viewer-controller.js
diff --git a/lib/services/identity/controllers/identity-viewer-controller.js b/lib/services/identity/controllers/identity-viewer-controller.js
new file mode 100644
index 0000000..22462d7
--- /dev/null
+++ b/lib/services/identity/controllers/identity-viewer-controller.js
@@ -0,0 +1,62 @@
+'use strict';
+
+const _ = require('lodash');
+const Boom = require('boom');
+
+const Controller = require('../../../controllers/controller');
+const IdentityItemController = require('./identity-item-controller');
+
+class IdentityViewerController extends IdentityItemController {
+ get(req, res, next) {
+ const err = this.checkViewerAccess(req);
+ if (err) {
+ return next(err);
+ }
+
+ return super.get(req, res, next);
+ }
+
+ patch(req, res, next) {
+ const err = this.checkViewerAccess(req);
+ if (err) {
+ return next(err);
+ }
+
+ return super.patch(req, res, next);
+ }
+
+ delete(req, res, next) {
+ const err = this.checkViewerAccess(req);
+ if (err) {
+ return next(err);
+ }
+
+ return super.delete(req, res, next);
+ }
+
+ checkViewerAccess(req) {
+ if (this.isAdminRequest(req)) {
+ return null;
+ }
+
+ const viewerId = _.get(req, 'identity.viewer.id');
+ if (req.params.id !== viewerId) {
+ return Boom.unauthorized('Viewer specified in JWT does not match requested viewer.');
+ }
+
+ return null;
+ }
+
+ static create(spec) {
+ if (!spec.bus || !_.isObject(spec.bus)) {
+ throw new Error('IdentityViewerController spec.bus is required');
+ }
+
+ return Controller.create(new IdentityViewerController({
+ bus: spec.bus,
+ type: 'viewer'
+ }));
+ }
+}
+
+module.exports = IdentityViewerController;
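Review bot: The ownership check is wired in one verb at a time (`get`, `patch`, `delete`), so any other handler that `IdentityItemController` exposes (the parent class is not visible in this patch) would be inherited without `checkViewerAccess` and would serve a non-admin caller regardless of whose id is in the path. Running the check at a single choke point, or explicitly overriding and rejecting every inherited verb that is not meant to be viewer-accessible, makes the controller fail closed when the parent gains a new method. Separately, in `checkViewerAccess` a mismatch between `req.params.id` and the JWT viewer is an authorization failure for an already authenticated caller, so `Boom.forbidden(...)` fits better than `Boom.unauthorized(...)`; the 401 is best reserved for the case where `identity.viewer.id` is absent. The method would also benefit from a short comment stating that it returns a Boom error or `null` and that requests passing `isAdminRequest` skip the id comparison entirely.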