Skip static ACL entries that don't match the property

Raymond Feng 2014-10-08 16:30:34 -07:00
parent 905fbf4267
commit 242b44ed2b
2 changed files with 38 additions and 8 deletions


@ -255,14 +255,17 @@ ACL.getStaticACLs = function getStaticACLs(model, property) {
var staticACLs = [];
if (modelClass && modelClass.settings.acls) {
modelClass.settings.acls.forEach(function (acl) {
staticACLs.push(new ACL({
model: model,
property: acl.property || ACL.ALL,
principalType: acl.principalType,
principalId: acl.principalId, // TODO: Should it be a name?
accessType: acl.accessType || ACL.ALL,
permission: acl.permission
}));
if (!acl.property || acl.property === ACL.ALL
|| property === acl.property) {
staticACLs.push(new ACL({
model: model,
property: acl.property || ACL.ALL,
principalType: acl.principalType,
principalId: acl.principalId, // TODO: Should it be a name?
accessType: acl.accessType || ACL.ALL,
permission: acl.permission
}));
}
});
}
var prop = modelClass &&
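Review bot: The new condition in the `forEach` callback compares `acl.property` with `property` by strict equality only, so a static entry whose `property` is not exactly that string is dropped without any trace, and for a `DENY` entry that means the rule silently stops applying. This affects a misspelled or differently cased property name in the model settings, a non-string value (if settings can ever carry a list of properties, which is not visible here), and calls where `property` is undefined or `ACL.ALL`, where every property-specific entry is skipped. I would state the contract above the `if`, for example `// Keep wildcard entries and entries naming exactly this property; all others are skipped, including DENY rules`, and consider logging skipped entries at debug level so a misconfigured deny rule is visible. `getStaticACLs` continues past the end of this hunk, so whether later code compensates cannot be seen from here.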


@ -227,6 +227,33 @@ describe('security ACLs', function () {
});
it("should filter static ACLs by model/property", function() {
var Model1 = ds.createModel('Model1', {
name: {
type: String,
acls: [
{principalType: ACL.USER, principalId: 'u001',
accessType: ACL.WRITE, permission: ACL.DENY},
{principalType: ACL.USER, principalId: 'u001',
accessType: ACL.ALL, permission: ACL.ALLOW}
]
}
}, {
acls: [
{principalType: ACL.USER, principalId: 'u001', property: 'name',
accessType: ACL.ALL, permission: ACL.ALLOW},
{principalType: ACL.USER, principalId: 'u002', property: 'findOne',
accessType: ACL.ALL, permission: ACL.ALLOW}
]
});
var staticACLs = ACL.getStaticACLs('Model1', 'name');
assert(staticACLs.length === 3);
staticACLs = ACL.getStaticACLs('Model1', 'findOne');
assert(staticACLs.length === 1);
});
it("should check access against LDL, ACL, and Role", function () {
// var log = console.log;
var log = function() {};