From 560ff11ffc3301c36afd823cf35a2e4930d9ed63 Mon Sep 17 00:00:00 2001 From: pdik Date: Wed, 4 Dec 2024 09:31:40 +0100 Subject: [PATCH] Added ConvertStringToArray Converts string into Array, with basic checks --- Control/lib/common/StringToArray.js | 16 ++++++++++++++++ .../middleware/detectorOwnership.middleware.js | 12 +++--------- Control/lib/middleware/minimumRole.middleware.js | 9 ++------- 3 files changed, 21 insertions(+), 16 deletions(-) create mode 100644 Control/lib/common/StringToArray.js diff --git a/Control/lib/common/StringToArray.js b/Control/lib/common/StringToArray.js new file mode 100644 index 000000000..7c48f7780 --- /dev/null +++ b/Control/lib/common/StringToArray.js @@ -0,0 +1,16 @@ +/** + * Convert string to list + * @param {String|Array} data + * @returns {Array} list + */ +const stringToArray = (data) => { + + let list = []; + if (typeof data === 'string') { + list = data.split(','); + } else if (Array.isArray(data)) { + list = data; + } + return list; +} +exports.stringToArray = stringToArray; \ No newline at end of file diff --git a/Control/lib/middleware/detectorOwnership.middleware.js b/Control/lib/middleware/detectorOwnership.middleware.js index 121e9e2a9..412904750 100644 --- a/Control/lib/middleware/detectorOwnership.middleware.js +++ b/Control/lib/middleware/detectorOwnership.middleware.js @@ -1,7 +1,7 @@ const {User} = require('../dtos/User'); const {isRoleSufficient,Role} = require('../common/role.enum.js'); const {UnauthorizedAccessError} = require('./../errors/UnauthorizedAccessError.js'); - +const {stringToArray} = require('../common/StringToArray.js'); const {updateExpressResponseFromNativeError} = require('./../errors/updateExpressResponseFromNativeError.js'); /** * Middleware function to check detector ownership. @@ -20,14 +20,8 @@ const detectorOwnershipMiddleware = (req, res, next) => { } try { - - - let accessList = []; - if (typeof access === 'string') { - accessList = access.split(','); - } else if (Array.isArray(access)) { - accessList = access; - } + // Convert access string to Array + let accessList = stringToArray(access); // Check if the user's role is sufficient to bypass the ownership check if (accessList?.some((role) => { return isRoleSufficient(role, Role.GLOBAL) diff --git a/Control/lib/middleware/minimumRole.middleware.js b/Control/lib/middleware/minimumRole.middleware.js index bee85d2d7..b0212add1 100644 --- a/Control/lib/middleware/minimumRole.middleware.js +++ b/Control/lib/middleware/minimumRole.middleware.js @@ -15,7 +15,7 @@ const {isRoleSufficient} = require('../common/role.enum.js'); const {UnauthorizedAccessError} = require('../errors/UnauthorizedAccessError.js'); const {updateExpressResponseFromNativeError} = require('../errors/updateExpressResponseFromNativeError.js'); - +const {stringToArray} = require('../common/StringToArray.js'); /** * Method to receive a minimum role that needs to be met by owner of request and to return a middleware function * @param {Role} minimumRole - minimum role that should be fulfilled by the requestor @@ -33,12 +33,7 @@ const minimumRoleMiddleware = (minimumRole) => { try { const { access } = req?.session ?? ''; - let accessList = []; - if (typeof access === 'string') { - accessList = access.split(','); - } else if (Array.isArray(access)) { - accessList = access; - } + let accessList = stringToArray(access); const isAllowed = accessList.some((role) => isRoleSufficient(role, minimumRole)); if (!isAllowed) { updateExpressResponseFromNativeError(res,