loopback/lib/models/role.js

var loopback = require('../loopback');
var debug = require('debug')('role');

// Role model
var RoleSchema = {
  id: {type: String, id: true}, // Id
  name: {type: String, required: true}, // The name of a role
  description: String, // Description

  // Timestamps
  created: {type: Date, default: Date},
  modified: {type: Date, default: Date}
};

/**
 * Map principals to roles
 */
var RoleMappingSchema = {
  id: {type: String, id: true}, // Id
  roleId: String, // The role id
  principalType: String, // The principal type, such as user, application, or role
  principalId: String // The principal id
};

var RoleMapping = loopback.createModel('RoleMapping', RoleMappingSchema, {
  relations: {
    role: {
      type: 'belongsTo',
      model: 'Role',
      foreignKey: 'roleId'
    }
  }
});

// Principal types
RoleMapping.USER = 'USER';
RoleMapping.APP = RoleMapping.APPLICATION = 'APP';
RoleMapping.ROLE = 'ROLE';

/**
 * Get the application principal
 * @param callback
 */
RoleMapping.prototype.application = function (callback) {
  if (this.principalType === RoleMapping.APPLICATION) {
    loopback.Application.findById(this.principalId, callback);
  } else {
    process.nextTick(function () {
      callback && callback(null, null);
    });
  }
};

/**
 * Get the user principal
 * @param callback
 */
RoleMapping.prototype.user = function (callback) {
  if (this.principalType === RoleMapping.USER) {
    loopback.User.findById(this.principalId, callback);
  } else {
    process.nextTick(function () {
      callback && callback(null, null);
    });
  }
};

/**
 * Get the child role principal
 * @param callback
 */
RoleMapping.prototype.childRole = function (callback) {
  if (this.principalType === RoleMapping.ROLE) {
    loopback.User.findById(this.principalId, callback);
  } else {
    process.nextTick(function () {
      callback && callback(null, null);
    });
  }
};

/**
 * Define the Role model with `hasMany` relation to RoleMapping
 */
var Role = loopback.createModel('Role', RoleSchema, {
  relations: {
    principals: {
      type: 'hasMany',
      model: 'RoleMapping',
      foreignKey: 'roleId'
    }
  }
});

// Set up the connection to users/applications/roles once the model
Role.once('dataSourceAttached', function () {
  Role.prototype.users = function (callback) {
    RoleMapping.find({where: {roleId: this.id,
      principalType: RoleMapping.USER}}, function (err, mappings) {
      if (err) {
        callback && callback(err);
        return;
      }
      return mappings.map(function (m) {
        return m.principalId;
      });
    });
  };

  Role.prototype.applications = function (callback) {
    RoleMapping.find({where: {roleId: this.id,
      principalType: RoleMapping.APPLICATION}}, function (err, mappings) {
      if (err) {
        callback && callback(err);
        return;
      }
      return mappings.map(function (m) {
        return m.principalId;
      });
    });
  };

  Role.prototype.roles = function (callback) {
    RoleMapping.find({where: {roleId: this.id,
      principalType: RoleMapping.ROLE}}, function (err, mappings) {
      if (err) {
        callback && callback(err);
        return;
      }
      return mappings.map(function (m) {
        return m.principalId;
      });
    });
  };

});

// Special roles
Role.OWNER = '$owner'; // owner of the object
Role.RELATED = "$related"; // any User with a relationship to the object
Role.AUTHENTICATED = "$authenticated"; // authenticated user
Role.UNAUTHENTICATED = "$unauthenticated"; // authenticated user
Role.EVERYONE = "$everyone"; // everyone

/**
 * Add custom handler for roles
 * @param role
 * @param resolver The resolver function decides if a principal is in the role
 * dynamically
 *
 * function(role, context, callback)
 */
Role.registerResolver = function(role, resolver) {
  if(!Role.resolvers) {
    Role.resolvers = {};
  }
  Role.resolvers[role] = resolver;
};

Role.registerResolver(Role.OWNER, function(role, context, callback) {
  if(!context || !context.model || !context.id) {
    process.nextTick(function() {
      callback && callback(null, false);
    });
    return;
  }
  var modelClass = context.model;
  var id = context.id;
  var userId = context.userId || context.principalId;
  isOwner(modelClass, id, userId, callback);
});

function isUserClass(modelClass) {
  return modelClass === loopback.User ||
    modelClass.prototype instanceof loopback.User;
}

function isOwner(modelClass, id, userId, callback) {
  debug('isOwner(): %s %s %s', modelClass && modelClass.modelName, id, userId);
  // No userId is present
  if(!userId) {
    process.nextTick(function() {
      callback(null, false);
    });
    return;
  }

  // Is the modelClass User or a subclass of User?
  if(isUserClass(modelClass)) {
    process.nextTick(function() {
      callback(null, id === userId);
    });
    return;
  }

  modelClass.findById(id, function(err, inst) {
    if(err || !inst) {
      callback && callback(err, false);
      return;
    }
    debug('Model found: %j', inst);
    if(inst.userId || inst.owner) {
      callback && callback(null, (inst.userId || inst.owner) === userId);
      return;
    } else {
      // Try to follow belongsTo
      for(var r in modelClass.relations) {
        var rel = modelClass.relations[r];
        if(rel.type === 'belongsTo' && isUserClass(rel.modelTo)) {
          debug('Checking relation %s to %s: %j', r, rel.modelTo.modelName, rel);
          inst[r](function(err, user) {
            if(!err && user) {
              debug('User found: %j', user.id);
              callback && callback(null, user.id === userId);
            } else {
              callback && callback(err, false);
            }
          });
          return;
        }
      }
      callback && callback(null, false);
    }
  });
}

Role.registerResolver(Role.AUTHENTICATED, function(role, context, callback) {
  if(!context) {
    process.nextTick(function() {
      callback && callback(null, false);
    });
    return;
  }
  var userId = context.principalId;
  isAuthenticated(userId, callback);
});

function isAuthenticated(userId, callback) {
  process.nextTick(function() {
    callback && callback(null, !!userId);
  });
}

Role.registerResolver(Role.UNAUTHENTICATED, function(role, context, callback) {
  process.nextTick(function() {
    callback && callback(null, !context || !context.principalId);
  });
});

Role.registerResolver(Role.EVERYONE, function (role, context, callback) {
  process.nextTick(function () {
    callback && callback(null, true); // Always true
  });
});

/**
 * Check if a given principal is in the role
 *
 * @param {String} role The role name
 * @param {Object} context The context object
 * @param {Function} callback
 */
Role.isInRole = function (role, context, callback) {
  debug('isInRole(): %s %j', role, context);
  var resolver = Role.resolvers[role];
  if(resolver) {
    debug('Custom resolver found for role %s', role);
    resolver(role, context, callback);
    return;
  }

  var principalType = context.principalType;
  var principalId = context.principalId;

  // Check if it's the same role
  if(principalType === RoleMapping.ROLE && principalId === role) {
    process.nextTick(function() {
      callback && callback(null, true);
    });
    return;
  }

  Role.findOne({where: {name: role}}, function (err, result) {
    if (err) {
      callback && callback(err);
      return;
    }
    if(!result) {
      callback && callback(null, false);
      return;
    }
    debug('Role found: %j', result);
    RoleMapping.findOne({where: {roleId: result.id, principalType: principalType, principalId: principalId}},
      function (err, result) {
        if (err) {
          callback && callback(err);
          return;
        }
        debug('Role mapping found: %j', result);
        callback && callback(null, !!result);
      });
  });
};

/**
 * List roles for a given principal
 * @param {String} principalType
 * @param {String|Number} principalId
 * @param {Function} callback
 *
 * @callback callback
 * @param err
 * @param {String[]} An array of role ids
 */
Role.getRoles = function (principalType, principalId, callback) {
  RoleMapping.find({where: {principalType: principalType, principalId: principalId}}, function (err, mappings) {
    if (err) {
      callback && callback(err);
      return;
    }
    var roles = [];
    mappings.forEach(function (m) {
      roles.push(m.roleId);
    });
    callback && callback(null, roles);
  });
};

module.exports = {
  Role: Role,
  RoleMapping: RoleMapping
};
Start to build the ACL models 2013-11-10 06:22:16 +00:00			`var loopback = require('../loopback');`
Fix the algorithm for Role.isInRole and ACL.checkAccess 2013-12-11 07:33:57 +00:00			`var debug = require('debug')('role');`
Update acl/role models 2013-11-04 21:19:02 +00:00
Add schema skeletons for built-in models 2013-06-26 23:25:51 +00:00			`// Role model`
			`var RoleSchema = {`
Start to build the ACL models 2013-11-10 06:22:16 +00:00			`id: {type: String, id: true}, // Id`
			`name: {type: String, required: true}, // The name of a role`
			`description: String, // Description`
Add exports to models 2013-07-09 22:06:42 +00:00
Start to build the ACL models 2013-11-10 06:22:16 +00:00			`// Timestamps`
			`created: {type: Date, default: Date},`
			`modified: {type: Date, default: Date}`
Update acl/role models 2013-11-04 21:19:02 +00:00			`};`

Define the models/relations for ACL 2013-11-12 06:16:51 +00:00			`/**`
			`* Map principals to roles`
			`*/`
			`var RoleMappingSchema = {`
			`id: {type: String, id: true}, // Id`
			`roleId: String, // The role id`
			`principalType: String, // The principal type, such as user, application, or role`
			`principalId: String // The principal id`
			`};`

			`var RoleMapping = loopback.createModel('RoleMapping', RoleMappingSchema, {`
			`relations: {`
			`role: {`
			`type: 'belongsTo',`
			`model: 'Role',`
			`foreignKey: 'roleId'`
			`}`
			`}`
			`});`

Add constants and more tests 2013-11-12 18:10:32 +00:00			`// Principal types`
			`RoleMapping.USER = 'USER';`
			`RoleMapping.APP = RoleMapping.APPLICATION = 'APP';`
			`RoleMapping.ROLE = 'ROLE';`

			`/**`
			`* Get the application principal`
			`* @param callback`
			`*/`
			`RoleMapping.prototype.application = function (callback) {`
			`if (this.principalType === RoleMapping.APPLICATION) {`
Define the models/relations for ACL 2013-11-12 06:16:51 +00:00			`loopback.Application.findById(this.principalId, callback);`
			`} else {`
Add constants and more tests 2013-11-12 18:10:32 +00:00			`process.nextTick(function () {`
Define the models/relations for ACL 2013-11-12 06:16:51 +00:00			`callback && callback(null, null);`
			`});`
			`}`
			`};`

Add constants and more tests 2013-11-12 18:10:32 +00:00			`/**`
			`* Get the user principal`
			`* @param callback`
			`*/`
			`RoleMapping.prototype.user = function (callback) {`
			`if (this.principalType === RoleMapping.USER) {`
Define the models/relations for ACL 2013-11-12 06:16:51 +00:00			`loopback.User.findById(this.principalId, callback);`
			`} else {`
Add constants and more tests 2013-11-12 18:10:32 +00:00			`process.nextTick(function () {`
Define the models/relations for ACL 2013-11-12 06:16:51 +00:00			`callback && callback(null, null);`
			`});`
			`}`
			`};`

Add constants and more tests 2013-11-12 18:10:32 +00:00			`/**`
			`* Get the child role principal`
			`* @param callback`
			`*/`
			`RoleMapping.prototype.childRole = function (callback) {`
			`if (this.principalType === RoleMapping.ROLE) {`
Define the models/relations for ACL 2013-11-12 06:16:51 +00:00			`loopback.User.findById(this.principalId, callback);`
			`} else {`
Add constants and more tests 2013-11-12 18:10:32 +00:00			`process.nextTick(function () {`
Define the models/relations for ACL 2013-11-12 06:16:51 +00:00			`callback && callback(null, null);`
			`});`
			`}`
			`};`

Add constants and more tests 2013-11-12 18:10:32 +00:00			`/**`
			* Define the Role model with `hasMany` relation to RoleMapping
			`*/`
Start to build the ACL models 2013-11-10 06:22:16 +00:00			`var Role = loopback.createModel('Role', RoleSchema, {`
			`relations: {`
Define the models/relations for ACL 2013-11-12 06:16:51 +00:00			`principals: {`
Start to build the ACL models 2013-11-10 06:22:16 +00:00			`type: 'hasMany',`
Define the models/relations for ACL 2013-11-12 06:16:51 +00:00			`model: 'RoleMapping',`
			`foreignKey: 'roleId'`
Start to build the ACL models 2013-11-10 06:22:16 +00:00			`}`
			`}`
			`});`
Update acl/role models 2013-11-04 21:19:02 +00:00
Add constants and more tests 2013-11-12 18:10:32 +00:00			`// Set up the connection to users/applications/roles once the model`
			`Role.once('dataSourceAttached', function () {`
			`Role.prototype.users = function (callback) {`
Fix the algorithm for Role.isInRole and ACL.checkAccess 2013-12-11 07:33:57 +00:00			`RoleMapping.find({where: {roleId: this.id,`
			`principalType: RoleMapping.USER}}, function (err, mappings) {`
Add constants and more tests 2013-11-12 18:10:32 +00:00			`if (err) {`
Define the models/relations for ACL 2013-11-12 06:16:51 +00:00			`callback && callback(err);`
			`return;`
			`}`
Add constants and more tests 2013-11-12 18:10:32 +00:00			`return mappings.map(function (m) {`
Define the models/relations for ACL 2013-11-12 06:16:51 +00:00			`return m.principalId;`
			`});`
			`});`
			`};`

Add constants and more tests 2013-11-12 18:10:32 +00:00			`Role.prototype.applications = function (callback) {`
Fix the algorithm for Role.isInRole and ACL.checkAccess 2013-12-11 07:33:57 +00:00			`RoleMapping.find({where: {roleId: this.id,`
			`principalType: RoleMapping.APPLICATION}}, function (err, mappings) {`
Add constants and more tests 2013-11-12 18:10:32 +00:00			`if (err) {`
Define the models/relations for ACL 2013-11-12 06:16:51 +00:00			`callback && callback(err);`
			`return;`
			`}`
Add constants and more tests 2013-11-12 18:10:32 +00:00			`return mappings.map(function (m) {`
Define the models/relations for ACL 2013-11-12 06:16:51 +00:00			`return m.principalId;`
			`});`
			`});`
			`};`

Add constants and more tests 2013-11-12 18:10:32 +00:00			`Role.prototype.roles = function (callback) {`
Fix the algorithm for Role.isInRole and ACL.checkAccess 2013-12-11 07:33:57 +00:00			`RoleMapping.find({where: {roleId: this.id,`
			`principalType: RoleMapping.ROLE}}, function (err, mappings) {`
Add constants and more tests 2013-11-12 18:10:32 +00:00			`if (err) {`
Define the models/relations for ACL 2013-11-12 06:16:51 +00:00			`callback && callback(err);`
			`return;`
			`}`
Add constants and more tests 2013-11-12 18:10:32 +00:00			`return mappings.map(function (m) {`
Define the models/relations for ACL 2013-11-12 06:16:51 +00:00			`return m.principalId;`
			`});`
			`});`
			`};`

			`});`

Start to build the ACL models 2013-11-10 06:22:16 +00:00			`// Special roles`
			`Role.OWNER = '$owner'; // owner of the object`
Update acl/role models 2013-11-04 21:19:02 +00:00			`Role.RELATED = "$related"; // any User with a relationship to the object`
			`Role.AUTHENTICATED = "$authenticated"; // authenticated user`
Add unauthenticated role 2013-11-20 21:38:14 +00:00			`Role.UNAUTHENTICATED = "$unauthenticated"; // authenticated user`
Update acl/role models 2013-11-04 21:19:02 +00:00			`Role.EVERYONE = "$everyone"; // everyone`
Add exports to models 2013-07-09 22:06:42 +00:00
Add a stub to register role resolvers 2013-11-13 18:29:33 +00:00			`/**`
			`* Add custom handler for roles`
			`* @param role`
Fix the algorithm for Role.isInRole and ACL.checkAccess 2013-12-11 07:33:57 +00:00			`* @param resolver The resolver function decides if a principal is in the role`
			`* dynamically`
Add a stub to register role resolvers 2013-11-13 18:29:33 +00:00			`*`
Start to support smart roles such as owner 2013-11-19 19:58:30 +00:00			`* function(role, context, callback)`
Add a stub to register role resolvers 2013-11-13 18:29:33 +00:00			`*/`
			`Role.registerResolver = function(role, resolver) {`
Start to support smart roles such as owner 2013-11-19 19:58:30 +00:00			`if(!Role.resolvers) {`
			`Role.resolvers = {};`
			`}`
Add a stub to register role resolvers 2013-11-13 18:29:33 +00:00			`Role.resolvers[role] = resolver;`
			`};`

Start to support smart roles such as owner 2013-11-19 19:58:30 +00:00			`Role.registerResolver(Role.OWNER, function(role, context, callback) {`
			`if(!context \|\| !context.model \|\| !context.id) {`
			`process.nextTick(function() {`
			`callback && callback(null, false);`
			`});`
			`return;`
			`}`
			`var modelClass = context.model;`
			`var id = context.id;`
Fix the algorithm for Role.isInRole and ACL.checkAccess 2013-12-11 07:33:57 +00:00			`var userId = context.userId \|\| context.principalId;`
Start to support smart roles such as owner 2013-11-19 19:58:30 +00:00			`isOwner(modelClass, id, userId, callback);`
			`});`

Fix the algorithm for Role.isInRole and ACL.checkAccess 2013-12-11 07:33:57 +00:00			`function isUserClass(modelClass) {`
			`return modelClass === loopback.User \|\|`
			`modelClass.prototype instanceof loopback.User;`
			`}`

			`function isOwner(modelClass, id, userId, callback) {`
			`debug('isOwner(): %s %s %s', modelClass && modelClass.modelName, id, userId);`
			`// No userId is present`
Various ACL fixes 2013-12-11 05:49:18 +00:00			`if(!userId) {`
			`process.nextTick(function() {`
			`callback(null, false);`
			`});`
			`return;`
			`}`

Fix the algorithm for Role.isInRole and ACL.checkAccess 2013-12-11 07:33:57 +00:00			`// Is the modelClass User or a subclass of User?`
			`if(isUserClass(modelClass)) {`
Various ACL fixes 2013-12-11 05:49:18 +00:00			`process.nextTick(function() {`
			`callback(null, id === userId);`
			`});`
			`return;`
			`}`

Start to support smart roles such as owner 2013-11-19 19:58:30 +00:00			`modelClass.findById(id, function(err, inst) {`
Fix the algorithm for Role.isInRole and ACL.checkAccess 2013-12-11 07:33:57 +00:00			`if(err \|\| !inst) {`
			`callback && callback(err, false);`
Start to support smart roles such as owner 2013-11-19 19:58:30 +00:00			`return;`
			`}`
Fix the algorithm for Role.isInRole and ACL.checkAccess 2013-12-11 07:33:57 +00:00			`debug('Model found: %j', inst);`
Start to support smart roles such as owner 2013-11-19 19:58:30 +00:00			`if(inst.userId \|\| inst.owner) {`
			`callback && callback(null, (inst.userId \|\| inst.owner) === userId);`
			`return;`
			`} else {`
Fix the algorithm for Role.isInRole and ACL.checkAccess 2013-12-11 07:33:57 +00:00			`// Try to follow belongsTo`
Start to support smart roles such as owner 2013-11-19 19:58:30 +00:00			`for(var r in modelClass.relations) {`
			`var rel = modelClass.relations[r];`
Fix the algorithm for Role.isInRole and ACL.checkAccess 2013-12-11 07:33:57 +00:00			`if(rel.type === 'belongsTo' && isUserClass(rel.modelTo)) {`
			`debug('Checking relation %s to %s: %j', r, rel.modelTo.modelName, rel);`
			`inst[r](function(err, user) {`
			`if(!err && user) {`
			`debug('User found: %j', user.id);`
			`callback && callback(null, user.id === userId);`
			`} else {`
			`callback && callback(err, false);`
			`}`
			`});`
Start to support smart roles such as owner 2013-11-19 19:58:30 +00:00			`return;`
			`}`
			`}`
			`callback && callback(null, false);`
			`}`
			`});`
			`}`

			`Role.registerResolver(Role.AUTHENTICATED, function(role, context, callback) {`
			`if(!context) {`
			`process.nextTick(function() {`
			`callback && callback(null, false);`
			`});`
			`return;`
			`}`
			`var userId = context.principalId;`
			`isAuthenticated(userId, callback);`
			`});`

			`function isAuthenticated(userId, callback) {`
			`process.nextTick(function() {`
			`callback && callback(null, !!userId);`
			`});`
			`}`

Add unauthenticated role 2013-11-20 21:38:14 +00:00			`Role.registerResolver(Role.UNAUTHENTICATED, function(role, context, callback) {`
			`process.nextTick(function() {`
			`callback && callback(null, !context \|\| !context.principalId);`
			`});`
			`});`

Start to support smart roles such as owner 2013-11-19 19:58:30 +00:00			`Role.registerResolver(Role.EVERYONE, function (role, context, callback) {`
			`process.nextTick(function () {`
			`callback && callback(null, true); // Always true`
			`});`
			`});`

Define the models/relations for ACL 2013-11-12 06:16:51 +00:00			`/**`
			`* Check if a given principal is in the role`
			`*`
Start to support smart roles such as owner 2013-11-19 19:58:30 +00:00			`* @param {String} role The role name`
			`* @param {Object} context The context object`
			`* @param {Function} callback`
Define the models/relations for ACL 2013-11-12 06:16:51 +00:00			`*/`
Start to support smart roles such as owner 2013-11-19 19:58:30 +00:00			`Role.isInRole = function (role, context, callback) {`
Fix the algorithm for Role.isInRole and ACL.checkAccess 2013-12-11 07:33:57 +00:00			`debug('isInRole(): %s %j', role, context);`
Start to support smart roles such as owner 2013-11-19 19:58:30 +00:00			`var resolver = Role.resolvers[role];`
			`if(resolver) {`
Fix the algorithm for Role.isInRole and ACL.checkAccess 2013-12-11 07:33:57 +00:00			`debug('Custom resolver found for role %s', role);`
Start to support smart roles such as owner 2013-11-19 19:58:30 +00:00			`resolver(role, context, callback);`
			`return;`
			`}`

			`var principalType = context.principalType;`
			`var principalId = context.principalId;`

Add checkAccess for subject and token 2013-11-20 21:31:30 +00:00			`// Check if it's the same role`
			`if(principalType === RoleMapping.ROLE && principalId === role) {`
			`process.nextTick(function() {`
			`callback && callback(null, true);`
			`});`
			`return;`
			`}`

Add tests for isInRole and getRoles 2013-11-12 18:47:59 +00:00			`Role.findOne({where: {name: role}}, function (err, result) {`
Add constants and more tests 2013-11-12 18:10:32 +00:00			`if (err) {`
Define the models/relations for ACL 2013-11-12 06:16:51 +00:00			`callback && callback(err);`
			`return;`
			`}`
Add tests for isInRole and getRoles 2013-11-12 18:47:59 +00:00			`if(!result) {`
			`callback && callback(null, false);`
			`return;`
			`}`
Fix the algorithm for Role.isInRole and ACL.checkAccess 2013-12-11 07:33:57 +00:00			`debug('Role found: %j', result);`
Add tests for isInRole and getRoles 2013-11-12 18:47:59 +00:00			`RoleMapping.findOne({where: {roleId: result.id, principalType: principalType, principalId: principalId}},`
			`function (err, result) {`
			`if (err) {`
			`callback && callback(err);`
			`return;`
			`}`
Fix the algorithm for Role.isInRole and ACL.checkAccess 2013-12-11 07:33:57 +00:00			`debug('Role mapping found: %j', result);`
Add tests for isInRole and getRoles 2013-11-12 18:47:59 +00:00			`callback && callback(null, !!result);`
			`});`
Define the models/relations for ACL 2013-11-12 06:16:51 +00:00			`});`
			`};`

			`/**`
			`* List roles for a given principal`
Add constants and more tests 2013-11-12 18:10:32 +00:00			`* @param {String} principalType`
			`* @param {String\|Number} principalId`
			`* @param {Function} callback`
			`*`
			`* @callback callback`
			`* @param err`
			`* @param {String[]} An array of role ids`
Define the models/relations for ACL 2013-11-12 06:16:51 +00:00			`*/`
Add constants and more tests 2013-11-12 18:10:32 +00:00			`Role.getRoles = function (principalType, principalId, callback) {`
			`RoleMapping.find({where: {principalType: principalType, principalId: principalId}}, function (err, mappings) {`
			`if (err) {`
Define the models/relations for ACL 2013-11-12 06:16:51 +00:00			`callback && callback(err);`
			`return;`
			`}`
			`var roles = [];`
Add constants and more tests 2013-11-12 18:10:32 +00:00			`mappings.forEach(function (m) {`
Define the models/relations for ACL 2013-11-12 06:16:51 +00:00			`roles.push(m.roleId);`
			`});`
			`callback && callback(null, roles);`
			`});`
			`};`

			`module.exports = {`
			`Role: Role,`
			`RoleMapping: RoleMapping`
			`};`