Update acl/role models

2013-11-04 13:19:02 -08:00 · 2013-11-04 13:19:02 -08:00 · 492aca7724
parent f9849454e9
commit 492aca7724
2 changed files with 55 additions and 43 deletions
--- a/lib/models/acl.js
+++ b/lib/models/acl.js
@ -31,49 +31,55 @@ Map to oAuth 2.0 scopes

 */

-/*
-var ACLEntrySchema = {
-    principal: String, // Application/User/Role
-    action: String, // READ/WRITE or method name
-    allowed: Boolean // Positive or negative
-}
+var loopback = require('loopback');

-var ACLSchema = {
+var ACLEntrySchema = {
+    /**
+     * Type of the principal - Application/User/Role
+     */
+    principalType: String,
+    /**
+     * Id of the principal - such as appId, userId or roleId
+     */
+    principalId: String,
+
+    /**
+     * Name of the access type - READ/WRITE/EXEC
+     */
+    accessType: String,
+
+    /**
+     * ALARM - Generate an alarm, in a system dependent way, the access specified in the permissions component of the ACL entry.
+     * ALLOW - Explicitly grants access to the resource.
+     * AUDIT - Log, in a system dependent way, the access specified in the permissions component of the ACL entry.
+     * DENY - Explicitly denies access to the resource.
+     */
+    permission: String
+};
+
+var AccessSchema = {
    publicReadAccess: Boolean,
    publicWriteAccess: Boolean,
-    permissions: [ACLEntrySchema],
-    created: Date,
-    modified: Date
-}
-
-
-var AccessLevel = [
- NotAllowed: 'Not Allowed', // Disabled
- // 'Allowed when Logged-in',
- Owner: 'Allow to Object Owner',
- Role: 'Users defined in a Role',
- Related: 'Any User with a relationship to the object',
- Authenticated: 'Allow to Any Logged In User',
- 'Open'
-];
-*/
+    publicExecAccess: Boolean,
+    permissions: [ACLEntrySchema]
+};

 var ACLSchema = {
-    model: String, // The model name
-    properties: [String], // A list of property names
-    methods: [String], // A list of methods
-    users: [String], // A list of users
-    roles: [String], // A list of roles
-    permission: {type: String, enum: ['Allow', 'Deny']}, // Allow/Deny
-    status: String, // Enabled/disabled
+    /**
+     * Resource
+     */
+    model: String, // The name of the model
+    property: String, // The name of the property
+    method: String, // The name of the method
+
+    access: AccessSchema, // The access
+
+    status: String,
    created: Date,
    modified: Date
 };

-// readAccess, writeAccess --> public, userId, role

-module.exports = function(dataSource) {
-    dataSource = dataSource || new require('loopback-datasource-juggler').ModelBuilder();
-    var ACL = dataSource.define('ACL', ACLSchema);
-    return ACL;
-};
+var ACL = loopback.createModel('ACL', ACLSchema);
+
+module.exports = ACL;
--- a/lib/models/role.js
+++ b/lib/models/role.js
@ -1,6 +1,8 @@
+var loopback = require('loopback');
+
 // Role model
 var RoleSchema = {
-    id: {type: String, required: true}, // Id
+    id: {type: String, id: true}, // Id
    name: {type: String, required: true}, // The name of a role
    description: String, // Description
    roles: [String], // A role can be an aggregate of other roles
@ -9,10 +11,14 @@ var RoleSchema = {
    // Timestamps
    created: {type: Date, default: Date},
    modified: {type: Date, default: Date}
-}
+};
+
+var Role = loopback.createModel('Role', RoleSchema);
+
+module.exports = Role;
+
+Role.OWNER ='$owner'; // owner of the object
+Role.RELATED = "$related"; // any User with a relationship to the object
+Role.AUTHENTICATED = "$authenticated"; // authenticated user
+Role.EVERYONE = "$everyone"; // everyone

-module.exports = function(dataSource) {
-    dataSource = dataSource || new require('loopback-datasource-juggler').ModelBuilder();
-    var Role = dataSource.define('Role', RoleSchema);
-    return Role;
-}