icynet-auth-server/src/modules/api/admin/admin.service.ts

import { Injectable } from '@nestjs/common';
import { Client } from 'connect-redis';
import { OAuth2Client } from 'src/modules/objects/oauth2-client/oauth2-client.entity';
import { User } from 'src/modules/objects/user/user.entity';
import { FormUtilityService } from 'src/modules/utility/services/form-utility.service';

const UNPRIVILEGED_STRIP = ['openid', 'id_token', 'management', 'implicit'];

@Injectable()
export class AdminService {
  constructor(private _form: FormUtilityService) {}

  public stripClientInfo(client: OAuth2Client): Partial<OAuth2Client> {
    return {
      ...client,
      owner: client.owner
        ? this._form.pluckObject(client.owner, ['id', 'uuid', 'username'])
        : null,
    } as Partial<OAuth2Client>;
  }

  public userHasPrivilege(user: User, privilege: string): boolean {
    return user.privileges.some(({ name }) => name === privilege);
  }

  public userCanEditClient(user: User, client: Client): boolean {
    if (this.userHasPrivilege(user, 'admin:oauth2')) {
      return true;
    }

    return client.owner?.id === user.id;
  }

  public removeUnprivileged(input: string[]): string[] {
    return input.reduce((list, current) => {
      if (UNPRIVILEGED_STRIP.includes(current)) {
        return list;
      }

      return [...list, current];
    }, []);
  }
}
comprehensive oauth2 admin api 2022-08-27 15:52:37 +00:00			`import { Injectable } from '@nestjs/common';`
separate role for user oauth2 clients 2022-08-27 16:58:24 +00:00			`import { Client } from 'connect-redis';`
comprehensive oauth2 admin api 2022-08-27 15:52:37 +00:00			`import { OAuth2Client } from 'src/modules/objects/oauth2-client/oauth2-client.entity';`
separate role for user oauth2 clients 2022-08-27 16:58:24 +00:00			`import { User } from 'src/modules/objects/user/user.entity';`
comprehensive oauth2 admin api 2022-08-27 15:52:37 +00:00			`import { FormUtilityService } from 'src/modules/utility/services/form-utility.service';`

separate role for user oauth2 clients 2022-08-27 16:58:24 +00:00			`const UNPRIVILEGED_STRIP = ['openid', 'id_token', 'management', 'implicit'];`

comprehensive oauth2 admin api 2022-08-27 15:52:37 +00:00			`@Injectable()`
			`export class AdminService {`
			`constructor(private _form: FormUtilityService) {}`

			`public stripClientInfo(client: OAuth2Client): Partial<OAuth2Client> {`
			`return {`
			`...client,`
			`owner: client.owner`
			`? this._form.pluckObject(client.owner, ['id', 'uuid', 'username'])`
			`: null,`
			`} as Partial<OAuth2Client>;`
			`}`
separate role for user oauth2 clients 2022-08-27 16:58:24 +00:00
			`public userHasPrivilege(user: User, privilege: string): boolean {`
			`return user.privileges.some(({ name }) => name === privilege);`
			`}`

			`public userCanEditClient(user: User, client: Client): boolean {`
			`if (this.userHasPrivilege(user, 'admin:oauth2')) {`
			`return true;`
			`}`

			`return client.owner?.id === user.id;`
			`}`

			`public removeUnprivileged(input: string[]): string[] {`
			`return input.reduce((list, current) => {`
			`if (UNPRIVILEGED_STRIP.includes(current)) {`
			`return list;`
			`}`

			`return [...list, current];`
			`}, []);`
			`}`
comprehensive oauth2 admin api 2022-08-27 15:52:37 +00:00			`}`