// Copyright IBM Corp. 2014,2018. All Rights Reserved.
// Node module: loopback
// This file is licensed under the MIT License.
// License text available at https://opensource.org/licenses/MIT
'use strict';
var assert = require('assert');
var loopback = require('../../lib/loopback');
/**
* Resource owner grants/delegates permissions to client applications
*
* For a protected resource, does the client application have the authorization
* from the resource owner (user or system)?
*
* Scope has many resource access entries
*
* @class Scope
*/
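module.exports = function(Scope) {
  /**
   * Resolve and cache the ACL model used by the permission check.
   *
   * On first use the model is looked up through this model's registry
   * (`registry.getModelByType(loopback.ACL)`) and stored on `this.aclModel`;
   * later calls keep the cached value.
   */
  Scope.resolveRelatedModels = function() {
    if (!this.aclModel) {
      var reg = this.registry;
      this.aclModel = reg.getModelByType(loopback.ACL);
    }
  };

  /**
   * Check if the given scope is allowed to access the model/property.
   *
   * The scope is looked up by name; the access decision itself is delegated
   * to `aclModel.checkPermission`, which receives `callback` unchanged.
   * If the lookup fails, or no scope with the given name exists, the callback
   * is invoked with an error and no permission result, so an unknown scope
   * never yields an access decision.
   *
   * @param {String} scope The scope name
   * @param {String} model The model name
   * @param {String} property The property/method/relation name
   * @param {String} accessType The access type
   * @callback {Function} callback
   * @param {String|Error} err The error object
   * @param {AccessRequest} result The access permission
   */
  Scope.checkPermission = function(scope, model, property, accessType, callback) {
    this.resolveRelatedModels();
    var aclModel = this.aclModel;
    assert(aclModel,
      'ACL model must be defined before Scope.checkPermission is called');

    this.findOne({where: {name: scope}}, function(err, scopeInstance) {
      if (err) {
        if (callback) callback(err);
        return;
      }

      // A scope name with no matching record previously reached
      // `scope.id` on a null value and threw inside this callback.
      // Report it as an error instead so the check fails closed.
      if (!scopeInstance) {
        if (callback) callback(new Error('Scope not found: ' + scope));
        return;
      }

      aclModel.checkPermission(
        aclModel.SCOPE, scopeInstance.id, model, property, accessType, callback);
    });
  };
};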