From 492aca7724bda232fe76b41c7228cf733ade091c Mon Sep 17 00:00:00 2001 From: Raymond Feng Date: Mon, 4 Nov 2013 13:19:02 -0800 Subject: [PATCH] Update acl/role models --- lib/models/acl.js | 78 +++++++++++++++++++++++++--------------------- lib/models/role.js | 20 +++++++----- 2 files changed, 55 insertions(+), 43 deletions(-) diff --git a/lib/models/acl.js b/lib/models/acl.js index c91ffdcf..b3edeb83 100644 --- a/lib/models/acl.js +++ b/lib/models/acl.js 
@@ -31,49 +31,55 @@ Map to oAuth 2.0 scopes */ -/* -var ACLEntrySchema = { - principal: String, // Application/User/Role - action: String, // READ/WRITE or method name - allowed: Boolean // Positive or negative -} +var loopback = require('loopback'); -var ACLSchema = { +var ACLEntrySchema = { + /** + * Type of the principal - Application/User/Role + */ + principalType: String, + /** + * Id of the principal - such as appId, userId or roleId + */ + principalId: String, + + /** + * Name of the access type - READ/WRITE/EXEC + */ + accessType: String, + + /** + * ALARM - Generate an alarm, in a system dependent way, the access specified in the permissions component of the ACL entry. + * ALLOW - Explicitly grants access to the resource. + * AUDIT - Log, in a system dependent way, the access specified in the permissions component of the ACL entry. + * DENY - Explicitly denies access to the resource. + */ + permission: String +}; + +var AccessSchema = { publicReadAccess: Boolean, publicWriteAccess: Boolean, - permissions: [ACLEntrySchema], - created: Date, - modified: Date -} - - -var AccessLevel = [ - NotAllowed: 'Not Allowed', // Disabled - // 'Allowed when Logged-in', - Owner: 'Allow to Object Owner', - Role: 'Users defined in a Role', - Related: 'Any User with a relationship to the object', - Authenticated: 'Allow to Any Logged In User', - 'Open' -]; -*/ + publicExecAccess: Boolean, + permissions: [ACLEntrySchema] +}; var ACLSchema = { - model: String, // The model name - properties: [String], // A list of property names - methods: [String], // A list of methods - users: [String], // A list of users - roles: [String], // A list of roles - permission: {type: String, enum: ['Allow', 'Deny']}, // Allow/Deny - status: String, // Enabled/disabled + /** + * Resource + */ + model: String, // The name of the model + property: String, // The name of the property + method: String, // The name of the method + + access: AccessSchema, // The access + + status: String, created: 
Date, modified: Date }; -// readAccess, writeAccess --> public, userId, role -module.exports = function(dataSource) { - dataSource = dataSource || new require('loopback-datasource-juggler').ModelBuilder(); - var ACL = dataSource.define('ACL', ACLSchema); - return ACL; -}; \ No newline at end of file +var ACL = loopback.createModel('ACL', ACLSchema); + +module.exports = ACL; \ No newline at end of file diff --git a/lib/models/role.js b/lib/models/role.js index 9a18e418..e39ef688 100644 --- a/lib/models/role.js +++ b/lib/models/role.js @@ -1,6 +1,8 @@ +var loopback = require('loopback'); + // Role model var RoleSchema = { - id: {type: String, required: true}, // Id + id: {type: String, id: true}, // Id name: {type: String, required: true}, // The name of a role description: String, // Description roles: [String], // A role can be an aggregate of other roles @@ -9,10 +11,14 @@ var RoleSchema = { // Timestamps created: {type: Date, default: Date}, modified: {type: Date, default: Date} -} +}; + +var Role = loopback.createModel('Role', RoleSchema); + +module.exports = Role; + +Role.OWNER ='$owner'; // owner of the object +Role.RELATED = "$related"; // any User with a relationship to the object +Role.AUTHENTICATED = "$authenticated"; // authenticated user +Role.EVERYONE = "$everyone"; // everyone -module.exports = function(dataSource) { - dataSource = dataSource || new require('loopback-datasource-juggler').ModelBuilder(); - var Role = dataSource.define('Role', RoleSchema); - return Role; -}
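Review bot: `permission: String` in the new ACLEntrySchema accepts any string, whereas the removed ACLSchema line constrained it with `permission: {type: String, enum: ['Allow', 'Deny']}`; the doc comment above it lists ALARM/ALLOW/AUDIT/DENY but nothing enforces that, so a misspelled or unexpected value is stored silently and its effect depends entirely on how the evaluator treats unknown permissions. Restoring the constraint keeps the rule table well-formed, `permission: {type: String, enum: ['ALARM', 'ALLOW', 'AUDIT', 'DENY']}`, and the same applies to `accessType` (READ/WRITE/EXEC) and `principalType` (Application/User/Role). The `status: String` line also lost its `// Enabled/disabled` comment, and the three `public*Access` booleans have no default, so the evaluation code (outside this hunk) should treat an unset flag as false rather than as public. `require('loopback')` resolves the package by name; if this file ships inside the loopback package itself that is a self-require that may observe a partially initialised module — confirm against the project layout.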
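Review bot: The `id` property drops `required: true` in favour of `id: true`, so the schema itself no longer guarantees a Role has an id unless the connector generates one, and that intent is not stated anywhere in the hunk. If generated ids are intended, the trailing comment should say so, e.g. `id: {type: String, id: true}, // Id (connector-generated when not supplied)`; whether the connector actually generates String ids is not visible here.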
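Review bot: The reserved principal names added at the end (`Role.OWNER` through `Role.EVERYONE`) share the `name` namespace with user-created roles, but nothing in RoleSchema stops a client from creating a role whose `name` is `$everyone` or `$owner`; whether that collides with role resolution depends on code not in this hunk, so a validation rejecting a leading `$` (and a uniqueness check on `name`) would close it, e.g. `Role.validatesFormatOf('name', {with: /^[^$]/, message: 'names starting with $ are reserved'});` if the juggler validators are available on the model. `Role.OWNER ='$owner'` is missing the space after `=` and uses single quotes while its three neighbours use double quotes; `Role.OWNER = '$owner';` with the others switched to match reads consistently. The constants are attached after `module.exports = Role;`, which works because the same object is exported, but moving the export to the end is the more conventional shape.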