Fix the permission check

Raymond Feng 2013-11-13 17:07:43 -08:00
parent be3c40c3d3
commit 94f12d0fce
2 changed files with 20 additions and 7 deletions


@ -144,7 +144,7 @@ ACL.checkPermission = function (principalType, principalId, model, property, acc
if (previousValue.accessType === currentValue.accessType || (previousValue.accessType === ACL.ALL && currentValue.accessType)) { if (previousValue.accessType === currentValue.accessType || (previousValue.accessType === ACL.ALL && currentValue.accessType)) {
previousValue.accessType = currentValue.accessType; previousValue.accessType = currentValue.accessType;
} }
currentValue.permission = overridePermission(previousValue.permission, currentValue.permission); previousValue.permission = overridePermission(previousValue.permission, currentValue.permission);
} }
return previousValue; return previousValue;
}, {principalType: principalType, principalId: principalId, model: model, property: ACL.ALL, accessType: ACL.ALL, permission: ACL.ALLOW}); }, {principalType: principalType, principalId: principalId, model: model, property: ACL.ALL, accessType: ACL.ALL, permission: ACL.ALLOW});
@ -180,7 +180,7 @@ Scope.checkPermission = function (scope, model, property, accessType, callback)
if (previousValue.accessType === currentValue.accessType || (previousValue.accessType === ACL.ALL && currentValue.accessType)) { if (previousValue.accessType === currentValue.accessType || (previousValue.accessType === ACL.ALL && currentValue.accessType)) {
previousValue.accessType = currentValue.accessType; previousValue.accessType = currentValue.accessType;
} }
currentValue.permission = overridePermission(previousValue.permission, currentValue.permission); previousValue.permission = overridePermission(previousValue.permission, currentValue.permission);
} }
return previousValue; return previousValue;
}, {model: model, property: ACL.ALL, accessType: ACL.ALL, permission: ACL.ALLOW}); }, {model: model, property: ACL.ALL, accessType: ACL.ALL, permission: ACL.ALLOW});
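Review bot: Both folds are seeded with `permission: ACL.ALLOW` (the last line of each hunk), so as far as these hunks show, a request that matches no ACL entry comes back as allowed. If that fail-open default is intended, say so next to the seed, e.g. `// No matching ACL entry: the default is ALLOW (fail-open)`; if not, the seed should be a DENY value. The callback body is also duplicated verbatim in `ACL.checkPermission` and `Scope.checkPermission`, which is why this one-word fix had to be made twice; a shared helper would keep the two authorization paths from drifting apart. Both functions start and end outside the hunks, so any filtering done before the fold is not visible here.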


@ -45,11 +45,24 @@ describe('security scopes', function () {
// console.log(scope); // console.log(scope);
ACL.create({principalType: ACL.SCOPE, principalId: scope.id, ACL.create({principalType: ACL.SCOPE, principalId: scope.id,
model: 'user', property: 'name', accessType: ACL.READ, permission: ACL.ALLOW}, model: 'user', property: 'name', accessType: ACL.READ, permission: ACL.ALLOW},
function (err, resource) {
ACL.create({principalType: ACL.SCOPE, principalId: scope.id,
model: 'user', property: 'name', accessType: ACL.WRITE, permission: ACL.DENY},
function (err, resource) { function (err, resource) {
// console.log(resource); // console.log(resource);
Scope.checkPermission('user', 'user', ACL.ALL, ACL.ALL, checkResult); Scope.checkPermission('user', 'user', ACL.ALL, ACL.ALL, function (err, perm) {
Scope.checkPermission('user', 'user', 'name', ACL.ALL, checkResult); assert(perm.permission === ACL.ALLOW);
Scope.checkPermission('user', 'user', 'name', ACL.READ, checkResult); });
Scope.checkPermission('user', 'user', 'name', ACL.ALL, function (err, perm) {
assert(perm.permission === ACL.ALLOW);
});
Scope.checkPermission('user', 'user', 'name', ACL.READ, function (err, perm) {
assert(perm.permission === ACL.ALLOW);
});
Scope.checkPermission('user', 'user', 'name', ACL.WRITE, function (err, perm) {
assert(perm.permission === ACL.DENY);
});
});
}); });
}); });
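Review bot: The new callbacks read `perm.permission` without checking `err`, and the two nested `ACL.create` callbacks ignore `err` as well, so a failed create or lookup shows up as a TypeError on `perm` instead of the real error. Adding `assert.ifError(err);` as the first line of each callback would fix that, assuming `assert` here is Node's module. No `done` call is visible in the hunk either; the enclosing `it` starts outside it, but if the test does not wait for these four asynchronous checks, a failing assertion could fire after the test has already been reported as passed. A case for a property with no ACL entry at all would also pin down the default result of the check.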