verdnatura-mirror
/
loopback
mirror of https://github.com/strongloop/loopback.git
0
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3230 from strongloop/fix/context-passing-for-isOwner 

Fix context passing in OWNER role resolver
This commit is contained in:
Miroslav Bajtoš 2017-03-03 16:19:52 +01:00 committed by GitHub
parent ed4f56c7f8 4570626e9d
commit 5ebc9b6a2e
2 changed files with 40 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
common/models/role.js
View File

@ -182,7 +182,8 @@ module.exports = function(Role) {
var user = context.getUser(); var user = context.getUser();
var userId = user && user.id; var userId = user && user.id;
var principalType = user && user.principalType; var principalType = user && user.principalType;
Role.isOwner(modelClass, modelId, userId, principalType, callback); var opts = {accessToken: context.accessToken};
Role.isOwner(modelClass, modelId, userId, principalType, opts, callback);
}); });
function isUserClass(modelClass) { function isUserClass(modelClass) {
@ -213,15 +214,21 @@ module.exports = function(Role) {
* @param {*} modelId The model ID * @param {*} modelId The model ID
* @param {*} userId The user ID * @param {*} userId The user ID
* @param {String} principalType The user principalType (optional) * @param {String} principalType The user principalType (optional)
* @options {Object} options
* @property {accessToken} The access token used to authorize the current user.
* @callback {Function} [callback] The callback function * @callback {Function} [callback] The callback function
* @param {String|Error} err The error string or object * @param {String|Error} err The error string or object
* @param {Boolean} isOwner True if the user is an owner. * @param {Boolean} isOwner True if the user is an owner.
* @promise * @promise
*/ */
Role.isOwner = function isOwner(modelClass, modelId, userId, principalType, callback) { Role.isOwner = function isOwner(modelClass, modelId, userId, principalType, options, callback) {
if (!callback && typeof principalType === 'function') { if (!callback && typeof options === 'function') {
callback = options;
options = {};
} else if (!callback && typeof principalType === 'function') {
callback = principalType; callback = principalType;
principalType = undefined; principalType = undefined;
options = {};
} }
principalType = principalType || Principal.USER; principalType = principalType || Principal.USER;
@ -251,7 +258,7 @@ module.exports = function(Role) {
return callback.promise; return callback.promise;
} }
modelClass.findById(modelId, function(err, inst) { modelClass.findById(modelId, options, function(err, inst) {
if (err || !inst) { if (err || !inst) {
debug('Model not found for id %j', modelId); debug('Model not found for id %j', modelId);
return callback(err, false); return callback(err, false);

29
test/role.test.js
View File

@ -533,6 +533,35 @@ describe('role model', function() {
.then(isInRole => expect(isInRole).to.be.true()); .then(isInRole => expect(isInRole).to.be.true());
}); });
it('passes accessToken to modelClass.findById when resolving OWNER', () => {
const Album = app.registry.createModel('Album', {name: String});
app.model(Album, {dataSource: 'db'});
Album.belongsTo(User);
let observedOptions = null;
Album.observe('access', ctx => {
observedOptions = ctx.options;
return Promise.resolve();
});
let user, token;
return User.create({email: 'test@example.com', password: 'pass'})
.then(u => {
user = u;
return Album.create({name: 'Album 1', userId: user.id});
})
.then(album => {
return Role.isInRole(Role.OWNER, {
principalType: ACL.USER, principalId: user.id,
model: Album, id: album.id,
accessToken: 'test-token',
});
})
.then(isInRole => {
expect(observedOptions).to.eql({accessToken: 'test-token'});
});
});
describe('isMappedToRole', function() { describe('isMappedToRole', function() {
var user, app, role; var user, app, role;