verdnatura-mirror
/
loopback
mirror of https://github.com/strongloop/loopback.git
0
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix the permission check

This commit is contained in:
Raymond Feng 2013-11-13 17:07:43 -08:00
parent be3c40c3d3
commit 94f12d0fce
2 changed files with 20 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/models/acl.js
View File

@ -144,7 +144,7 @@ ACL.checkPermission = function (principalType, principalId, model, property, acc
if (previousValue.accessType === currentValue.accessType || (previousValue.accessType === ACL.ALL && currentValue.accessType)) {
previousValue.accessType = currentValue.accessType;
}
currentValue.permission = overridePermission(previousValue.permission, currentValue.permission);
previousValue.permission = overridePermission(previousValue.permission, currentValue.permission);
}
return previousValue;
}, {principalType: principalType, principalId: principalId, model: model, property: ACL.ALL, accessType: ACL.ALL, permission: ACL.ALLOW});
@ -180,7 +180,7 @@ Scope.checkPermission = function (scope, model, property, accessType, callback)
if (previousValue.accessType === currentValue.accessType || (previousValue.accessType === ACL.ALL && currentValue.accessType)) {
previousValue.accessType = currentValue.accessType;
}
currentValue.permission = overridePermission(previousValue.permission, currentValue.permission);
previousValue.permission = overridePermission(previousValue.permission, currentValue.permission);
}
return previousValue;
}, {model: model, property: ACL.ALL, accessType: ACL.ALL, permission: ACL.ALLOW});

23
test/acl.test.js
View File

@ -46,11 +46,24 @@ describe('security scopes', function () {
ACL.create({principalType: ACL.SCOPE, principalId: scope.id,
model: 'user', property: 'name', accessType: ACL.READ, permission: ACL.ALLOW},
function (err, resource) {
// console.log(resource);
Scope.checkPermission('user', 'user', ACL.ALL, ACL.ALL, checkResult);
Scope.checkPermission('user', 'user', 'name', ACL.ALL, checkResult);
Scope.checkPermission('user', 'user', 'name', ACL.READ, checkResult);
});
ACL.create({principalType: ACL.SCOPE, principalId: scope.id,
model: 'user', property: 'name', accessType: ACL.WRITE, permission: ACL.DENY},
function (err, resource) {
// console.log(resource);
Scope.checkPermission('user', 'user', ACL.ALL, ACL.ALL, function (err, perm) {
assert(perm.permission === ACL.ALLOW);
});
Scope.checkPermission('user', 'user', 'name', ACL.ALL, function (err, perm) {
assert(perm.permission === ACL.ALLOW);
});
Scope.checkPermission('user', 'user', 'name', ACL.READ, function (err, perm) {
assert(perm.permission === ACL.ALLOW);
});
Scope.checkPermission('user', 'user', 'name', ACL.WRITE, function (err, perm) {
assert(perm.permission === ACL.DENY);
});
});
});
});
});