From 08542572a234660aaf0ceb7ae3b2164feef6b1f0 Mon Sep 17 00:00:00 2001
From: folland87
Date: Thu, 26 Sep 2024 11:00:46 +0200
Subject: [PATCH] add annelis export
---
 .../commons/middlewares/rbac.middlewares.js | 58 ++++++++++---------
 1 file changed, 32 insertions(+), 26 deletions(-)
diff --git a/src/api/commons/middlewares/rbac.middlewares.js b/src/api/commons/middlewares/rbac.middlewares.js
index 2a191e70..eefe1184 100644
--- a/src/api/commons/middlewares/rbac.middlewares.js
+++ b/src/api/commons/middlewares/rbac.middlewares.js
@@ -1,50 +1,56 @@
-import { ForbiddenError, UnauthorizedError } from '../http-errors';
+import { ForbiddenError, UnauthorizedError } from "../http-errors";
 export function requireAuth(req, res, next) {
- if (['development', 'testing'].includes(process.env.NODE_ENV)) return next();
- if (['/signup', '/signin', '/token', '/recovery/password'].includes(req.path)) return next();
- if (req.path.startsWith('/opendata')) return next();
- if (req.path.startsWith('/curiexplore')) return next();
- if (req.path.startsWith('/assets/avatars')) return next();
- if (req.path.startsWith('/assets/logos')) return next();
+ if (["development", "testing"].includes(process.env.NODE_ENV)) return next();
+ if (["/signup", "/signin", "/token", "/recovery/password"].includes(req.path))
+ return next();
+ if (req.path.startsWith("/opendata")) return next();
+ if (req.path.startsWith("/exports/annelis")) return next();
+ if (req.path.startsWith("/curiexplore")) return next();
+ if (req.path.startsWith("/assets/avatars")) return next();
+ if (req.path.startsWith("/assets/logos")) return next();
 if (!req?.currentUser?.id) {
- throw new UnauthorizedError('You must be connected');
+ throw new UnauthorizedError("You must be connected");
 }
 if (req.currentUser.isDeleted) {
- throw new ForbiddenError('Inactive user');
+ throw new ForbiddenError("Inactive user");
 }
- if ((req.method !== 'GET') && (req.currentUser.role === 'viewer')) {
- throw new ForbiddenError('Insufficient user rights');
+ if (req.method !== "GET" && req.currentUser.role === "viewer") {
+ throw new ForbiddenError("Insufficient user rights");
 }
 return next();
 }
 export function requireRoles(roles) {
 return (req, res, next) => {
- if (['development', 'testing'].includes(process.env.NODE_ENV)) return next();
+ if (["development", "testing"].includes(process.env.NODE_ENV))
+ return next();
 if (!req.currentUser.id) {
- throw new UnauthorizedError('You must be connected');
+ throw new UnauthorizedError("You must be connected");
 }
 if (!roles.includes(req.currentUser.role)) {
- throw new ForbiddenError('Insufficient user rights');
+ throw new ForbiddenError("Insufficient user rights");
 }
 return next();
 };
 }
 export function forbidReadersToWrite(req, res, next) {
- if (['development', 'testing'].includes(process.env.NODE_ENV)) return next();
- if ([
- '/signup',
- '/signin',
- '/token',
- '/recovery/password',
- '/me',
- '/me/password',
- '/me/avatar',
- ].includes(req.path)) return next();
- if (req.currentUser.role === 'reader' && req.method !== 'GET') {
- throw new ForbiddenError('Insufficient user rights');
+ if (["development", "testing"].includes(process.env.NODE_ENV)) return next();
+ if (
+ [
+ "/signup",
+ "/signin",
+ "/token",
+ "/recovery/password",
+ "/me",
+ "/me/password",
+ "/me/avatar",
+ ].includes(req.path)
+ )
+ return next();
+ if (req.currentUser.role === "reader" && req.method !== "GET") {
+ throw new ForbiddenError("Insufficient user rights");
 }
 return next();
 }
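Review bot: The new `if (req.path.startsWith("/exports/annelis")) return next();` line in requireAuth exempts a whole path prefix from authentication for every HTTP method. It is the only functional change in this hunk; the rest is quote and line-wrap reformatting. Because the match is a bare prefix, it also covers sibling paths such as `/exports/annelis-anything` and any sub-route later mounted under it. It returns before the `isDeleted` and viewer checks, so nothing in this middleware limits the route to reads. If the export is meant to be a public read-only feed, narrow the exemption to that, for example `if (req.method === "GET" && (req.path === "/exports/annelis" || req.path.startsWith("/exports/annelis/"))) return next();`. The export handler is not visible here, so whether its payload is safe to serve without a session should be confirmed; if it is not, the route needs its own credential check rather than an entry in this allow-list.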