Fix the permission resolution

Raymond Feng 2013-11-13 17:24:42 -08:00
parent cc7560b258
commit 8e679d0927
2 changed files with 16 additions and 6 deletions


@ -131,9 +131,9 @@ function overridePermission(p1, p2) {
*/
ACL.checkPermission = function (principalType, principalId, model, property, accessType, callback) {
property = property || ACL.ALL;
var propertyQuery = (property === ACL.ALL) ? ACL.ALL : {inq: [property, ACL.ALL]};
var propertyQuery = (property === ACL.ALL) ? undefined : {inq: [property, ACL.ALL]};
accessType = accessType || ACL.aLL;
var accessTypeQuery = (accessType === ACL.ALL) ? ACL.ALL : {inq: [accessType, ACL.ALL]};
var accessTypeQuery = (accessType === ACL.ALL) ? undefined : {inq: [accessType, ACL.ALL]};
ACL.find({where: {principalType: principalType, principalId: principalId,
model: model, property: propertyQuery, accessType: accessTypeQuery}},
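Review bot: The unchanged default `accessType = accessType || ACL.aLL;` looks like a typo for `ACL.ALL`. If `ACL.aLL` is undefined, a caller that omits accessType gets `{inq: [undefined, ACL.ALL]}` instead of the wildcard branch, so the lookup differs from one made with an explicit `ACL.ALL`; I would change the line to `accessType = accessType || ACL.ALL;`. Separately, putting `property: undefined` and `accessType: undefined` into the `where` filter assumes the connector ignores undefined keys rather than matching on them, which is not visible here. A short comment stating that assumption, or adding those keys only when a query exists, would make the wildcard behaviour explicit. The body of `ACL.checkPermission` continues past the end of this hunk.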


@ -51,10 +51,10 @@ describe('security scopes', function () {
function (err, resource) {
// console.log(resource);
Scope.checkPermission('user', 'user', ACL.ALL, ACL.ALL, function (err, perm) {
assert(perm.permission === ACL.ALLOW);
assert(perm.permission === ACL.DENY); // because name.WRITE == DENY
});
Scope.checkPermission('user', 'user', 'name', ACL.ALL, function (err, perm) {
assert(perm.permission === ACL.ALLOW);
assert(perm.permission === ACL.DENY); // because name.WRITE == DENY
});
Scope.checkPermission('user', 'user', 'name', ACL.READ, function (err, perm) {
assert(perm.permission === ACL.ALLOW);
@ -76,11 +76,21 @@ describe('security ACLs', function () {
var ds = loopback.createDataSource({connector: loopback.Memory});
ACL.attachTo(ds);
ACL.create({principalType: 'user', principalId: 'u001', model: 'user', property: ACL.ALL,
accessType: ACL.ALL, permission: ACL.ALLOW}, function (err, acl) {
ACL.checkPermission('user', 'u001', 'user', 'u001', ACL.READ, checkResult);
ACL.create({principalType: 'user', principalId: 'u001', model: 'user', property: ACL.ALL,
accessType: ACL.READ, permission: ACL.DENY}, function (err, acl) {
ACL.checkPermission('user', 'u001', 'user', 'name', ACL.READ, function (err, perm) {
assert(perm.permission === ACL.DENY);
});
ACL.checkPermission('user', 'u001', 'user', 'name', ACL.ALL, function (err, perm) {
assert(perm.permission === ACL.DENY);
});
});
});
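Review bot: The new DENY assertions inside the nested `ACL.create` / `ACL.checkPermission` callbacks never inspect `err`, and nothing visible in this hunk signals completion to the test runner. A failed lookup would therefore show up as a TypeError on `perm.permission`, or be missed entirely if the callbacks run after the test function has returned. I would add `assert(!err);` before each `assert(perm.permission === ...)`. The enclosing `it` starts outside this hunk, so if it does not already take `done`, it should accept it and call it from the last callback. The `Scope.checkPermission` callbacks in the first hunk of this file follow the same pattern.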