Merge ScopeACL into ACL

lib/models/acl.js

@@ -41,34 +41,6 @@ var ScopeSchema = {
   description: String
 };
 
-var ScopeACLSchema = {
-  model: String, // The name of the model
-  property: String, // The name of the property, method, scope, or relation
-
-  /**
-   * Name of the access type - READ/WRITE/EXEC
-   */
-  accessType: String,
-
-  /**
-   * ALARM - Generate an alarm, in a system dependent way, the access specified in the permissions component of the ACL entry.
-   * ALLOW - Explicitly grants access to the resource.
-   * AUDIT - Log, in a system dependent way, the access specified in the permissions component of the ACL entry.
-   * DENY - Explicitly denies access to the resource.
-   */
-  permission: String,
-  scopeId: Number
-};
-
-var ScopeACL = loopback.createModel('ScopeACL', ScopeACLSchema, {
-  relations: {
-    scope: {
-      type: 'belongsTo',
-      model: 'Scope',
-      foreignKey: 'scopeId'
-    }
-  }
-});
 
 /**
  * Resource owner grants/delegates permissions to client applications
@@ -78,15 +50,7 @@ var ScopeACL = loopback.createModel('ScopeACL', ScopeACLSchema, {
  * Scope has many resource access entries
  * @type {createModel|*}
  */
-var Scope = loopback.createModel('Scope', ScopeSchema, {
-  relations: {
-    resources: {
-      type: 'hasMany',
-      model: 'ScopeACL',
-      foreignKey: 'scopeId'
-    }
-  }
-});
+var Scope = loopback.createModel('Scope', ScopeSchema);
 
 /**
  * System grants permissions to principals (users/applications, can be grouped into roles).
@@ -139,6 +103,7 @@ ACL.EXECUTE = 'EXECUTE';
 ACL.USER = 'USER';
 ACL.APP = ACL.APPLICATION = 'APP';
 ACL.ROLE = 'ROLE';
+ACL.SCOPE = 'SCOPE';
 
 var permissionOrder = {
   ALLOW: 1,
@@ -200,7 +165,9 @@ Scope.checkPermission = function (scope, model, property, accessType, callback)
     if (err) {
       callback && callback(err);
     } else {
-      scope.resources({where: {model: model, property: {inq: [property, ACL.ALL]}, accessType: {inq: [accessType, ACL.ALL]}}}, function (err, resources) {
+      ACL.find({where: {principalType: ACL.SCOPE, principalId: scope.id,
+          model: model, property: {inq: [property, ACL.ALL]},
+          accessType: {inq: [accessType, ACL.ALL]}}}, function (err, resources) {
           if (err) {
             callback && callback(err);
             return;
@@ -227,6 +194,5 @@ Scope.checkPermission = function (scope, model, property, accessType, callback)
 
 module.exports = {
   ACL: ACL,
-  Scope: Scope,
-  ScopeACL: ScopeACL
+  Scope: Scope
 };

test/acl.test.js

@@ -16,13 +16,14 @@ describe('security scopes', function () {
   it("should allow access to models for the given scope by wildcard", function () {
     var ds = loopback.createDataSource({connector: loopback.Memory});
     Scope.attachTo(ds);
-    ScopeACL.attachTo(ds);
+    ACL.attachTo(ds);
 
     // console.log(Scope.relations);
 
     Scope.create({name: 'user', description: 'access user information'}, function (err, scope) {
       // console.log(scope);
-      scope.resources.create({model: 'user', property: ACL.ALL, accessType: ACL.ALL, permission: ACL.ALLOW},
+      ACL.create({principalType: ACL.SCOPE, principalId: scope.id, model: 'user', property: ACL.ALL,
+          accessType: ACL.ALL, permission: ACL.ALLOW},
         function (err, resource) {
         // console.log(resource);
         Scope.checkPermission('user', 'user', ACL.ALL, ACL.ALL, checkResult);
@@ -36,13 +37,14 @@ describe('security scopes', function () {
   it("should allow access to models for the given scope", function () {
     var ds = loopback.createDataSource({connector: loopback.Memory});
     Scope.attachTo(ds);
-    ScopeACL.attachTo(ds);
+    ACL.attachTo(ds);
 
     // console.log(Scope.relations);
 
     Scope.create({name: 'user', description: 'access user information'}, function (err, scope) {
       // console.log(scope);
-      scope.resources.create({model: 'user', property: 'name', accessType: ACL.READ, permission: ACL.ALLOW},
+      ACL.create({principalType: ACL.SCOPE, principalId: scope.id,
+          model: 'user', property: 'name', accessType: ACL.READ, permission: ACL.ALLOW},
         function (err, resource) {
         // console.log(resource);
         Scope.checkPermission('user', 'user', ACL.ALL, ACL.ALL, checkResult);