/*
 * This file is part of the authRXBN single sign-on package.
 *
 * (c) Ruben Meyer <contact@rxbn.de>
 */

/**
 * EXPLANATIONS:
 *
 * groups: ["anon", "user", "admin"]
 * - anon: not logged in; no cookies
 * - user: logged in; non-special group
 * - admin: logged in; admin group 999 or equivalent
 *
 * expressions: RegExp tested on req.path
 * - ex.:
 * - req.path = "/profile/456";
 * - expression = "(/profile/.*)";
 * - (new RegExp(expression, "g")).test(req.path) ~> true
 *
 * rules: rules which can be rolled out
 * - block: block direct access
 *
 * types: ["404", "missing_permission"]
 * - 404: File not found
 * - missing_permission: Missing Permission page
 * - login: login page
 */
let rules = [
	{
		group: "anon",
		expression: "(/blocks/.*)",
		rule: "block",
		type: "404"
	},
	{
		group: "anon",
		expression: "(/error/.*)",
		rule: "block",
		type: "404"
	},
	{
		group: "anon",
		expression: "(/admin/.*)",
		rule: "block",
		type: "login"
	},
	{
		group: "user",
		expression: "(/blocks/.*)",
		rule: "block",
		type: "404"
	},
	{
		group: "user",
		expression: "(/error/.*)",
		rule: "block",
		type: "404"
	},
	{
		group: "user",
		expression: "(/admin/.*)",
		rule: "block",
		type: "missing_permission"
	}
];

module.exports = rules;