|
|
@@ -59,11 +59,10 @@ module.exports = (crowi) => {
|
|
|
// MOCK DATA DELETE THIS GW-6972 ---------------
|
|
|
const SlackAppIntegrationMock = mongoose.model('SlackAppIntegrationMock');
|
|
|
const slackAppIntegrationMock = await SlackAppIntegrationMock.findOne({ tokenPtoG });
|
|
|
- const channelsObject = slackAppIntegrationMock.permittedChannelsForEachCommand._doc.channelsObject;
|
|
|
+ const permissionsForBroadcastUseCommands = slackAppIntegrationMock.permissionsForBroadcastUseCommands;
|
|
|
+ const permissionsForSingleUseCommands = slackAppIntegrationMock.permissionsForSingleUseCommands;
|
|
|
// MOCK DATA DELETE THIS GW-6972 ---------------
|
|
|
const { supportedCommandsForBroadcastUse, supportedCommandsForSingleUse } = relation;
|
|
|
- const supportedCommands = supportedCommandsForBroadcastUse.concat(supportedCommandsForSingleUse);
|
|
|
- const supportedGrowiActionsRegExps = getSupportedGrowiActionsRegExps(supportedCommands);
|
|
|
|
|
|
// get command name from req.body
|
|
|
let command = '';
|
|
|
@@ -82,35 +81,36 @@ module.exports = (crowi) => {
|
|
|
|
|
|
// code below checks permission at channel level
|
|
|
const fromChannel = req.body.channel_name || payload.channel.name;
|
|
|
- [...channelsObject.keys()].forEach((commandName) => {
|
|
|
- const permittedChannels = channelsObject.get(commandName);
|
|
|
- // ex. search OR search:hogehoge
|
|
|
+ let isPermitted = false;
|
|
|
+ [...permissionsForBroadcastUseCommands.keys(), ...permissionsForSingleUseCommands.keys()].forEach((commandName) => {
|
|
|
+ // boolean or string[]
|
|
|
+ let permission = permissionsForBroadcastUseCommands.get(commandName);
|
|
|
+ if (permission === undefined) {
|
|
|
+ permission = permissionsForSingleUseCommands.get(commandName);
|
|
|
+ }
|
|
|
+
|
|
|
+ // ex. search OR search:handlerName
|
|
|
const commandRegExp = new RegExp(`(^${commandName}$)|(^${commandName}:\\w+)`);
|
|
|
|
|
|
- // RegExp check
|
|
|
- if (commandRegExp.test(commandName) || commandRegExp.test(actionId) || commandRegExp.test(callbackId)) {
|
|
|
- // check if the channel is permitted
|
|
|
- if (permittedChannels.includes(fromChannel)) return next();
|
|
|
+ // skip this forEach loop if the requested command is not in permissionsForBroadcastUseCommands key
|
|
|
+ if (!commandRegExp.test(command) && !commandRegExp.test(actionId) && !commandRegExp.test(callbackId)) {
|
|
|
+ return;
|
|
|
}
|
|
|
- });
|
|
|
|
|
|
- // code below checks permission at command level
|
|
|
- let isActionSupported = false;
|
|
|
- supportedGrowiActionsRegExps.forEach((regexp) => {
|
|
|
- if (regexp.test(actionId) || regexp.test(callbackId)) {
|
|
|
- isActionSupported = true;
|
|
|
+ // permission check
|
|
|
+ if (permission === true) {
|
|
|
+ isPermitted = true;
|
|
|
+ return;
|
|
|
+ }
|
|
|
+ if (Array.isArray(permission) && permission.includes(fromChannel)) {
|
|
|
+ isPermitted = true;
|
|
|
}
|
|
|
});
|
|
|
|
|
|
- // validate
|
|
|
- if (command && !supportedCommands.includes(command)) {
|
|
|
- return res.status(403).send(`It is not allowed to run '${command}' command to this GROWI.`);
|
|
|
- }
|
|
|
- if ((actionId || callbackId) && !isActionSupported) {
|
|
|
- return res.status(403).send(`It is not allowed to run '${command}' command to this GROWI.`);
|
|
|
+ if (isPermitted) {
|
|
|
+ return next();
|
|
|
}
|
|
|
-
|
|
|
- next();
|
|
|
+ res.status(403).send(`It is not allowed to run '${command}' command to this GROWI.`);
|
|
|
}
|
|
|
|
|
|
const addSigningSecretToReq = (req, res, next) => {
|
Taichi Masuyama