var assert = require('assert');
var loopback = require('../index');
var acl = require('../lib/models/acl');
var Scope = acl.Scope;
var ACL = acl.ACL;
var ScopeACL = acl.ScopeACL;
var User = loopback.User;
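describe('security scopes', function () {

  /**
   * Creates a fresh in-memory data source and attaches the scope models to it,
   * so each test starts from an empty store.
   */
  function attachScopeModels() {
    var ds = loopback.createDataSource({connector: loopback.Memory});
    Scope.attachTo(ds);
    ScopeACL.attachTo(ds);
  }

  /**
   * Builds a callback shared by several concurrent checkPermission calls.
   * It logs whatever the check reports (as the test always did), fails the
   * test on the first error, and signals completion once `expected` calls
   * have reported back.
   *
   * @param {number} expected - number of callbacks that must fire
   * @param {Function} done - mocha completion callback
   * @returns {Function} node-style callback
   */
  function collect(expected, done) {
    var remaining = expected;
    var finished = false;
    return function (err) {
      console.log.apply(console, arguments);
      if (finished) {
        return;
      }
      if (err) {
        finished = true;
        return done(err);
      }
      remaining -= 1;
      if (remaining === 0) {
        finished = true;
        done();
      }
    };
  }

  // Both tests take `done`: without it mocha marks the test as passed before
  // any of the asynchronous callbacks run, so an error in an access-control
  // check could never fail the suite.
  //
  // NOTE(review): the permission decision itself is still only logged, not
  // asserted. The shape of the value checkPermission passes to its callback
  // is not visible in this file; once confirmed, assert the expected
  // allow/deny outcome for each call instead of logging it.

  it("should allow access to models for the given scope by wildcard", function (done) {
    attachScopeModels();

    Scope.create({name: 'user', description: 'access user information'}, function (err, scope) {
      if (err) {
        return done(err);
      }
      // Wildcard grant: every property and every access type of 'user'.
      scope.resources.create({model: 'user', property: '*', accessType: '*', permission: 'Allow'}, function (err) {
        if (err) {
          return done(err);
        }
        var report = collect(3, done);
        Scope.checkPermission('user', 'user', '*', '*', report);
        Scope.checkPermission('user', 'user', 'name', '*', report);
        Scope.checkPermission('user', 'user', 'name', 'Read', report);
      });
    });
  });

  it("should allow access to models for the given scope", function (done) {
    attachScopeModels();

    Scope.create({name: 'user', description: 'access user information'}, function (err, scope) {
      if (err) {
        return done(err);
      }
      // Narrow grant: only Read on the 'name' property.
      // NOTE(review): the first two checks below ask for broader access than
      // this grant covers; confirm which outcome is expected for them before
      // adding assertions.
      scope.resources.create({model: 'user', property: 'name', accessType: 'Read', permission: 'Allow'}, function (err) {
        if (err) {
          return done(err);
        }
        var report = collect(3, done);
        Scope.checkPermission('user', 'user', '*', '*', report);
        Scope.checkPermission('user', 'user', 'name', '*', report);
        Scope.checkPermission('user', 'user', 'name', 'Read', report);
      });
    });
  });

});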
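describe('security ACLs', function () {

  // The test takes `done`: without it mocha marks the test as passed before
  // the asynchronous callbacks run, so a failing ACL lookup could never fail
  // the suite.
  it("should allow access to models for the given principal by wildcard", function (done) {
    var ds = loopback.createDataSource({connector: loopback.Memory});
    ACL.attachTo(ds);

    // Wildcard grant for principal u001: every property and access type of 'user'.
    ACL.create({principalType: 'user', principalId: 'u001', model: 'user', property: '*', accessType: '*', permission: 'Allow'}, function (err) {
      if (err) {
        return done(err);
      }

      // NOTE(review): the fourth argument is 'u001', the same value as the
      // principal id; confirm it is meant to be the property being checked.
      // NOTE(review): the decision is still only logged. The shape of the
      // value passed to the callback is not visible in this file; once
      // confirmed, assert that the outcome is an allow.
      ACL.checkPermission('user', 'u001', 'user', 'u001', 'Read', function (err) {
        console.log.apply(console, arguments);
        done(err);
      });
    });
  });

});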