Merge branch 'release/2.10.2' into production

2015-01-16 10:33:40 -08:00 · 2015-01-16 10:33:40 -08:00 · 1204f38f58
parent 14da0d8c53 41d9bbb7df
commit 1204f38f58
4 changed files with 68 additions and 28 deletions
--- a/CHANGES.md
+++ b/CHANGES.md
@ -1,3 +1,9 @@
+2015-01-16, Version 2.10.2
+==========================
+
+ * Make sure EXECUTE access type matches READ or WRITE (Raymond Feng)
+
+
 2015-01-15, Version 2.10.1
 ==========================

@ -7,11 +13,11 @@

 * Added context middleware (Rand McKinney)

- * Use User.remoteMethod instead of loopbacks method This is needed for loopback-connector-remote authorization. Addresses https://github.com/strongloop/loopback/issues/622. (Berkeley Martinez)
+ * Revert the peer dep change to avoid npm complaints (Raymond Feng)

+ * Update strong-remoting dep (Raymond Feng)

-2015-01-07, Version 2.9.0
-=========================
+ * Allow accessType per remote method (Raymond Feng)

 * Update juggler dep (Raymond Feng)

@ -19,12 +25,23 @@

 * Allow User.hashPassword/validatePassword to be overridden (Raymond Feng)

+ * Use User.remoteMethod instead of loopbacks method This is needed for loopback-connector-remote authorization. Addresses https://github.com/strongloop/loopback/issues/622. (Berkeley Martinez)
+
+ * API and REST tests added to ensure complete and valid credentials are supplied for verified error message to be returned  - tests added as suggested and fail under previous version of User model  - strongloop/loopback#931 (Ron Edgecomb)
+
+ * Require valid login credentials before verified email check.  - strongloop/loopback#931. (Ron Edgecomb)
+

 2015-01-07, Version 2.8.8
 =========================



+2015-01-07, Version 2.9.0
+=========================
+
+
+
 2015-01-07, Version 2.10.0
 ==========================

@ -100,19 +117,16 @@

 * Fix bcrypt issues for browserify (Raymond Feng)

- * Allow native bcrypt for performance (Raymond Feng)
-
-
-2014-12-08, Version 2.8.3
-=========================
-
-

 2014-12-08, Version 2.8.4
 =========================

 * Allow native bcrypt for performance (Raymond Feng)

+
+2014-12-08, Version 2.8.3
+=========================
+
 * Remove unused underscore dependency (Ryan Graham)


--- a/common/models/acl.js
+++ b/common/models/acl.js
@ -109,16 +109,20 @@ module.exports = function(ACL) {
      var val2 = req[props[i]] || ACL.ALL;
      var isMatchingMethodName = props[i] === 'property' && req.methodNames.indexOf(val1) !== -1;

-      if (val1 === val2 || isMatchingMethodName) {
+      // accessType: EXECUTE should match READ or WRITE
+      var isMatchingAccessType = props[i] === 'accessType' &&
+        val1 === ACL.EXECUTE;
+
+      if (val1 === val2 || isMatchingMethodName || isMatchingAccessType) {
        // Exact match
        score += 3;
      } else if (val1 === ACL.ALL) {
        // Wildcard match
        score += 2;
      } else if (val2 === ACL.ALL) {
-        // Doesn't match at all
        score += 1;
      } else {
+        // Doesn't match at all
        return -1;
      }
    }
@ -304,7 +308,7 @@ module.exports = function(ACL) {
    property = property || ACL.ALL;
    var propertyQuery = (property === ACL.ALL) ? undefined : {inq: [property, ACL.ALL]};
    accessType = accessType || ACL.ALL;
-    var accessTypeQuery = (accessType === ACL.ALL) ? undefined : {inq: [accessType, ACL.ALL]};
+    var accessTypeQuery = (accessType === ACL.ALL) ? undefined : {inq: [accessType, ACL.ALL, ACL.EXECUTE]};

    var req = new AccessRequest(model, property, accessType);

--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
  "name": "loopback",
-  "version": "2.10.1",
+  "version": "2.10.2",
  "description": "LoopBack: Open Source Framework for Node.js",
  "homepage": "http://loopback.io",
  "keywords": [
@ -102,6 +102,6 @@
    "url": "https://github.com/strongloop/loopback/blob/master/LICENSE"
  },
  "optionalDependencies": {
-    "sl-blip": "http://blip.strongloop.com/loopback@2.10.1"
+    "sl-blip": "http://blip.strongloop.com/loopback@2.10.2"
  }
 }
--- a/test/acl.test.js
+++ b/test/acl.test.js
@ -139,22 +139,34 @@ describe('security ACLs', function() {
      ACL.create({principalType: ACL.USER, principalId: 'u001', model: 'testModel', property: ACL.ALL,
        accessType: ACL.READ, permission: ACL.ALLOW}, function(err, acl) {

-        ACL.checkPermission(ACL.USER, 'u001', 'testModel', 'name', ACL.READ, function(err, perm) {
-          assert(perm.permission === ACL.ALLOW);
-        });
+        ACL.create({principalType: ACL.USER, principalId: 'u002', model: 'testModel', property: ACL.ALL,
+          accessType: ACL.EXECUTE, permission: ACL.ALLOW}, function(err, acl) {

-        ACL.checkPermission(ACL.USER, 'u001', 'testModel', ACL.ALL, ACL.READ, function(err, perm) {
-          assert(perm.permission === ACL.ALLOW);
-        });
+          ACL.checkPermission(ACL.USER, 'u001', 'testModel', 'name', ACL.READ, function(err, perm) {
+            assert(perm.permission === ACL.ALLOW);
+          });

-        ACL.checkPermission(ACL.USER, 'u001', 'testModel', 'name', ACL.WRITE, function(err, perm) {
-          assert(perm.permission === ACL.DENY);
-        });
+          ACL.checkPermission(ACL.USER, 'u001', 'testModel', ACL.ALL, ACL.READ, function(err, perm) {
+            assert(perm.permission === ACL.ALLOW);
+          });

-        ACL.checkPermission(ACL.USER, 'u001', 'testModel', 'name', ACL.ALL, function(err, perm) {
-          assert(perm.permission === ACL.DENY);
-        });
+          ACL.checkPermission(ACL.USER, 'u001', 'testModel', 'name', ACL.WRITE, function(err, perm) {
+            assert(perm.permission === ACL.DENY);
+          });

+          ACL.checkPermission(ACL.USER, 'u001', 'testModel', 'name', ACL.ALL, function(err, perm) {
+            assert(perm.permission === ACL.DENY);
+          });
+
+          ACL.checkPermission(ACL.USER, 'u002', 'testModel', 'name', ACL.WRITE, function(err, perm) {
+            assert(perm.permission === ACL.ALLOW);
+          });
+
+          ACL.checkPermission(ACL.USER, 'u002', 'testModel', 'name', ACL.READ, function(err, perm) {
+            assert(perm.permission === ACL.ALLOW);
+          });
+
+        });
      });

    });
@ -203,7 +215,9 @@ describe('security ACLs', function() {
      }
    }, {
      acls: [
-        {principalType: ACL.USER, principalId: 'u001', accessType: ACL.ALL, permission: ACL.ALLOW}
+        {principalType: ACL.USER, principalId: 'u001', accessType: ACL.ALL, permission: ACL.ALLOW},
+        {principalType: ACL.USER, principalId: 'u002', accessType: ACL.EXECUTE, permission: ACL.ALLOW},
+        {principalType: ACL.USER, principalId: 'u003', accessType: ACL.EXECUTE, permission: ACL.DENY}
      ]
    });

@ -225,6 +239,14 @@ describe('security ACLs', function() {
      assert(perm.permission === ACL.ALLOW);
    });

+    ACL.checkPermission(ACL.USER, 'u002', 'Customer', 'name', ACL.READ, function(err, perm) {
+      assert(perm.permission === ACL.ALLOW);
+    });
+
+    ACL.checkPermission(ACL.USER, 'u003', 'Customer', 'name', ACL.WRITE, function(err, perm) {
+      assert(perm.permission === ACL.DENY);
+    });
+
  });

  it('should filter static ACLs by model/property', function() {