models: move ACL LDL def into a json file

2014-10-13 10:55:08 +02:00 · 2014-10-13 10:55:08 +02:00 · 7c01d59d80
parent ef890d5f26
commit 7c01d59d80
5 changed files with 360 additions and 351 deletions
--- a/common/models/access-token.js
+++ b/common/models/access-token.js
@ -5,9 +5,7 @@
 var loopback = require('../../lib/loopback')
  , assert = require('assert')
  , uid = require('uid2')
-  , DEFAULT_TOKEN_LEN = 64
-  , Role = require('./role').Role
-  , ACL = require('./acl').ACL;
+  , DEFAULT_TOKEN_LEN = 64;

 /**
 * Token based authentication and access control.
--- a/common/models/acl.js
+++ b/common/models/acl.js
@ -45,6 +45,8 @@ var role = require('./role');
 var Role = role.Role;

 /**
+ * A Model for access control meta data.
+ *
 * System grants permissions to principals (users/applications, can be grouped
 * into roles).
 *
@ -54,18 +56,6 @@ var Role = role.Role;
 * For a given principal, such as client application and/or user, is it allowed
 * to access (read/write/execute)
 * the protected resource?
- */
-var ACLSchema = {
-  model: String, // The name of the model
-  property: String, // The name of the property, method, scope, or relation
-  accessType: String,
-  permission: String,
-  principalType: String,
-  principalId: String
-};
-
-/**
- * A Model for access control meta data.
 *
 * @header ACL
 * @property {String} model Name of the model.
@ -78,11 +68,12 @@ var ACLSchema = {
 *  - DENY: Explicitly denies access to the resource.
 * @property {String} principalType Type of the principal; one of: Application, Use, Role.
 * @property {String} principalId ID of the principal - such as appId, userId or roleId
- * @class
- * @inherits Model
+ *
+ * @class ACL
+ * @inherits PersistedModel
 */

-var ACL = loopback.PersistedModel.extend('ACL', ACLSchema);
+module.exports = function(ACL) {

  ACL.ALL = AccessContext.ALL;

@ -468,4 +459,4 @@ ACL.checkAccessForToken = function (token, model, modelId, method, callback) {
    });
  };

-module.exports.ACL = ACL;
+}
--- a/common/models/acl.json
+++ b/common/models/acl.json
@ -0,0 +1,17 @@
+{
+  "name": "ACL",
+  "properties": {
+    "model": {
+      "type": "string",
+      "description": "The name of the model"
+    },
+    "property": {
+      "type": "string",
+      "description": "The name of the property, method, scope, or relation"
+    },
+    "accessType": "string",
+    "permission": "string",
+    "principalType": "string",
+    "principalId": "string"
+  }
+}
--- a/lib/access-context.js
+++ b/lib/access-context.js
@ -281,7 +281,7 @@ AccessRequest.prototype.exactlyMatches = function(acl) {
 */

 AccessRequest.prototype.isAllowed = function() {
-  return this.permission !== require('../common/models/acl').ACL.DENY;
+  return this.permission !== loopback.ACL.DENY;
 }

 AccessRequest.prototype.debug = function() {
--- a/lib/builtin-models.js
+++ b/lib/builtin-models.js
@ -15,7 +15,10 @@ module.exports = function(loopback) {

  loopback.Role = require('../common/models/role').Role;
  loopback.RoleMapping = require('../common/models/role').RoleMapping;
-  loopback.ACL = require('../common/models/acl').ACL;
+
+  loopback.ACL = createModel(
+    require('../common/models/acl.json'),
+    require('../common/models/acl.js'));

  loopback.Scope = createModel(
    require('../common/models/scope.json'),