verdnatura-mirror
/
loopback
mirror of https://github.com/strongloop/loopback.git
0
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge ScopeACL into ACL

This commit is contained in:
Raymond Feng 2013-11-13 10:02:59 -08:00
parent 0430cd2ae3
commit 660ef89755
2 changed files with 12 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
lib/models/acl.js
View File

@ -41,34 +41,6 @@ var ScopeSchema = {
description: String description: String
}; };
var ScopeACLSchema = {
model: String, // The name of the model
property: String, // The name of the property, method, scope, or relation
/**
* Name of the access type - READ/WRITE/EXEC
*/
accessType: String,
/**
* ALARM - Generate an alarm, in a system dependent way, the access specified in the permissions component of the ACL entry.
* ALLOW - Explicitly grants access to the resource.
* AUDIT - Log, in a system dependent way, the access specified in the permissions component of the ACL entry.
* DENY - Explicitly denies access to the resource.
*/
permission: String,
scopeId: Number
};
var ScopeACL = loopback.createModel('ScopeACL', ScopeACLSchema, {
relations: {
scope: {
type: 'belongsTo',
model: 'Scope',
foreignKey: 'scopeId'
}
}
});
/** /**
* Resource owner grants/delegates permissions to client applications * Resource owner grants/delegates permissions to client applications
@ -78,15 +50,7 @@ var ScopeACL = loopback.createModel('ScopeACL', ScopeACLSchema, {
* Scope has many resource access entries * Scope has many resource access entries
* @type {createModel|*} * @type {createModel|*}
*/ */
var Scope = loopback.createModel('Scope', ScopeSchema, { var Scope = loopback.createModel('Scope', ScopeSchema);
relations: {
resources: {
type: 'hasMany',
model: 'ScopeACL',
foreignKey: 'scopeId'
}
}
});
/** /**
* System grants permissions to principals (users/applications, can be grouped into roles). * System grants permissions to principals (users/applications, can be grouped into roles).
@ -139,6 +103,7 @@ ACL.EXECUTE = 'EXECUTE';
ACL.USER = 'USER'; ACL.USER = 'USER';
ACL.APP = ACL.APPLICATION = 'APP'; ACL.APP = ACL.APPLICATION = 'APP';
ACL.ROLE = 'ROLE'; ACL.ROLE = 'ROLE';
ACL.SCOPE = 'SCOPE';
var permissionOrder = { var permissionOrder = {
ALLOW: 1, ALLOW: 1,
@ -200,7 +165,9 @@ Scope.checkPermission = function (scope, model, property, accessType, callback)
if (err) { if (err) {
callback && callback(err); callback && callback(err);
} else { } else {
scope.resources({where: {model: model, property: {inq: [property, ACL.ALL]}, accessType: {inq: [accessType, ACL.ALL]}}}, function (err, resources) { ACL.find({where: {principalType: ACL.SCOPE, principalId: scope.id,
model: model, property: {inq: [property, ACL.ALL]},
accessType: {inq: [accessType, ACL.ALL]}}}, function (err, resources) {
if (err) { if (err) {
callback && callback(err); callback && callback(err);
return; return;
@ -227,6 +194,5 @@ Scope.checkPermission = function (scope, model, property, accessType, callback)
module.exports = { module.exports = {
ACL: ACL, ACL: ACL,
Scope: Scope, Scope: Scope
ScopeACL: ScopeACL
}; };

10
test/acl.test.js
View File

@ -16,13 +16,14 @@ describe('security scopes', function () {
it("should allow access to models for the given scope by wildcard", function () { it("should allow access to models for the given scope by wildcard", function () {
var ds = loopback.createDataSource({connector: loopback.Memory}); var ds = loopback.createDataSource({connector: loopback.Memory});
Scope.attachTo(ds); Scope.attachTo(ds);
ScopeACL.attachTo(ds); ACL.attachTo(ds);
// console.log(Scope.relations); // console.log(Scope.relations);
Scope.create({name: 'user', description: 'access user information'}, function (err, scope) { Scope.create({name: 'user', description: 'access user information'}, function (err, scope) {
// console.log(scope); // console.log(scope);
scope.resources.create({model: 'user', property: ACL.ALL, accessType: ACL.ALL, permission: ACL.ALLOW}, ACL.create({principalType: ACL.SCOPE, principalId: scope.id, model: 'user', property: ACL.ALL,
accessType: ACL.ALL, permission: ACL.ALLOW},
function (err, resource) { function (err, resource) {
// console.log(resource); // console.log(resource);
Scope.checkPermission('user', 'user', ACL.ALL, ACL.ALL, checkResult); Scope.checkPermission('user', 'user', ACL.ALL, ACL.ALL, checkResult);
@ -36,13 +37,14 @@ describe('security scopes', function () {
it("should allow access to models for the given scope", function () { it("should allow access to models for the given scope", function () {
var ds = loopback.createDataSource({connector: loopback.Memory}); var ds = loopback.createDataSource({connector: loopback.Memory});
Scope.attachTo(ds); Scope.attachTo(ds);
ScopeACL.attachTo(ds); ACL.attachTo(ds);
// console.log(Scope.relations); // console.log(Scope.relations);
Scope.create({name: 'user', description: 'access user information'}, function (err, scope) { Scope.create({name: 'user', description: 'access user information'}, function (err, scope) {
// console.log(scope); // console.log(scope);
scope.resources.create({model: 'user', property: 'name', accessType: ACL.READ, permission: ACL.ALLOW}, ACL.create({principalType: ACL.SCOPE, principalId: scope.id,
model: 'user', property: 'name', accessType: ACL.READ, permission: ACL.ALLOW},
function (err, resource) { function (err, resource) {
// console.log(resource); // console.log(resource);
Scope.checkPermission('user', 'user', ACL.ALL, ACL.ALL, checkResult); Scope.checkPermission('user', 'user', ACL.ALL, ACL.ALL, checkResult);