Fix UserController permission serialization and include current updates

2026-02-27 14:38:22 -06:00
parent 51eb36f4a6
commit b1f6462ac3
50 changed files with 6150 additions and 30 deletions
@@ -178,6 +178,46 @@ export default class UserController {
    return decoded.permissions;
  }

+  /**
+   * Read Role Permissions
+   *
+   * Verifies and decodes a role permissions JWT and returns the permission nodes.
+   * Returns an empty array if verification fails.
+   *
+   * @param role - Role record containing the signed permissions token
+   * @returns {string[]} The role permission nodes
+   */
+  private _readRolePermissions(role: Role): string[] {
+    try {
+      const decoded = jwt.verify(role.permissions, permissionsPrivateKey, {
+        algorithms: ["RS256"],
+        issuer: "roles",
+        subject: role.id,
+      }) as DecodedPermissionsBlock;
+
+      return decoded.permissions;
+    } catch {
+      return [];
+    }
+  }
+
+  /**
+   * Read All Permissions
+   *
+   * Aggregates the user's direct permissions and all permissions from their assigned roles
+   * into a single deduplicated array.
+   *
+   * @returns {Promise<string[]>} Combined array of all permission nodes
+   */
+  public async readAllPermissions(): Promise<string[]> {
+    const directPermissions = this.readPermissions();
+    const rolePermissions = this._roles
+      .map((role) => this._readRolePermissions(role))
+      .flatMap((permissions) => permissions);
+
+    return [...new Set([...directPermissions, ...rolePermissions])];
+  }
+
  /**
   * Fetch Roles
   *
@@ -262,7 +302,16 @@ export default class UserController {
        : this._roles.size > 0
          ? this._roles.map((v) => v.moniker)
          : undefined,
-      permissions: opts?.safeReturn ? undefined : this.readPermissions(),
+      permissions: opts?.safeReturn
+        ? undefined
+        : (() => {
+            const directPermissions = this.readPermissions();
+            const rolePermissions = this._roles
+              .map((role) => this._readRolePermissions(role))
+              .flatMap((permissions) => permissions);
+
+            return [...new Set([...directPermissions, ...rolePermissions])];
+          })(),
      login: opts?.safeReturn ? undefined : this.login,
      email: opts?.safeReturn ? undefined : this.email,
      image: this.image,