Fix the permission check
parent
be3c40c3d3
commit
94f12d0fce
|
@ -144,7 +144,7 @@ ACL.checkPermission = function (principalType, principalId, model, property, acc
|
||||||
if (previousValue.accessType === currentValue.accessType || (previousValue.accessType === ACL.ALL && currentValue.accessType)) {
|
if (previousValue.accessType === currentValue.accessType || (previousValue.accessType === ACL.ALL && currentValue.accessType)) {
|
||||||
previousValue.accessType = currentValue.accessType;
|
previousValue.accessType = currentValue.accessType;
|
||||||
}
|
}
|
||||||
currentValue.permission = overridePermission(previousValue.permission, currentValue.permission);
|
previousValue.permission = overridePermission(previousValue.permission, currentValue.permission);
|
||||||
}
|
}
|
||||||
return previousValue;
|
return previousValue;
|
||||||
}, {principalType: principalType, principalId: principalId, model: model, property: ACL.ALL, accessType: ACL.ALL, permission: ACL.ALLOW});
|
}, {principalType: principalType, principalId: principalId, model: model, property: ACL.ALL, accessType: ACL.ALL, permission: ACL.ALLOW});
|
||||||
|
@ -180,7 +180,7 @@ Scope.checkPermission = function (scope, model, property, accessType, callback)
|
||||||
if (previousValue.accessType === currentValue.accessType || (previousValue.accessType === ACL.ALL && currentValue.accessType)) {
|
if (previousValue.accessType === currentValue.accessType || (previousValue.accessType === ACL.ALL && currentValue.accessType)) {
|
||||||
previousValue.accessType = currentValue.accessType;
|
previousValue.accessType = currentValue.accessType;
|
||||||
}
|
}
|
||||||
currentValue.permission = overridePermission(previousValue.permission, currentValue.permission);
|
previousValue.permission = overridePermission(previousValue.permission, currentValue.permission);
|
||||||
}
|
}
|
||||||
return previousValue;
|
return previousValue;
|
||||||
}, {model: model, property: ACL.ALL, accessType: ACL.ALL, permission: ACL.ALLOW});
|
}, {model: model, property: ACL.ALL, accessType: ACL.ALL, permission: ACL.ALLOW});
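Review bot: The reducer seed on the last line of each hunk (in ACL.checkPermission and in Scope.checkPermission) starts from `permission: ACL.ALLOW`, so when no ACL entry matches the request the fold returns ALLOW. With the folded result now written to `previousValue.permission`, that seed is exactly what callers receive for an empty match set. If default-allow is the intended policy, say so where the seed is built, e.g. `// no matching ACL entry: access is allowed by default`; if it is not, seed with `permission: ACL.DENY`. The same reducer body appears verbatim in both functions, which is presumably why the fix had to be made twice; both functions begin outside the hunks shown.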
|
||||||
|
|
|
@ -45,11 +45,24 @@ describe('security scopes', function () {
|
||||||
// console.log(scope);
|
// console.log(scope);
|
||||||
ACL.create({principalType: ACL.SCOPE, principalId: scope.id,
|
ACL.create({principalType: ACL.SCOPE, principalId: scope.id,
|
||||||
model: 'user', property: 'name', accessType: ACL.READ, permission: ACL.ALLOW},
|
model: 'user', property: 'name', accessType: ACL.READ, permission: ACL.ALLOW},
|
||||||
|
function (err, resource) {
|
||||||
|
ACL.create({principalType: ACL.SCOPE, principalId: scope.id,
|
||||||
|
model: 'user', property: 'name', accessType: ACL.WRITE, permission: ACL.DENY},
|
||||||
function (err, resource) {
|
function (err, resource) {
|
||||||
// console.log(resource);
|
// console.log(resource);
|
||||||
Scope.checkPermission('user', 'user', ACL.ALL, ACL.ALL, checkResult);
|
Scope.checkPermission('user', 'user', ACL.ALL, ACL.ALL, function (err, perm) {
|
||||||
Scope.checkPermission('user', 'user', 'name', ACL.ALL, checkResult);
|
assert(perm.permission === ACL.ALLOW);
|
||||||
Scope.checkPermission('user', 'user', 'name', ACL.READ, checkResult);
|
});
|
||||||
|
Scope.checkPermission('user', 'user', 'name', ACL.ALL, function (err, perm) {
|
||||||
|
assert(perm.permission === ACL.ALLOW);
|
||||||
|
});
|
||||||
|
Scope.checkPermission('user', 'user', 'name', ACL.READ, function (err, perm) {
|
||||||
|
assert(perm.permission === ACL.ALLOW);
|
||||||
|
});
|
||||||
|
Scope.checkPermission('user', 'user', 'name', ACL.WRITE, function (err, perm) {
|
||||||
|
assert(perm.permission === ACL.DENY);
|
||||||
|
});
|
||||||
|
});
|
||||||
});
|
});
|
||||||
});
|
});
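Review bot: The four new `Scope.checkPermission` callbacks and both `ACL.create` callbacks ignore `err` and read `perm.permission` directly, so a failed lookup could surface as a TypeError on `perm` rather than as a failed permission assertion. Adding `assert(!err);` as the first line of each callback keeps such a failure readable. No completion callback is visible in this hunk, so the asserts may run after the test has already been reported as passed; the enclosing `it` starts outside the hunk, so confirm that it waits for the last check. ACL.checkPermission received the same fix, but this hunk adds no case that exercises it.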
|
||||||
|
|
||||||
|
|