Use the new remoting.authorization hook for check access
This commit is contained in:
parent
694ab814f9
commit
9cde2a45be
|
@ -295,7 +295,8 @@ app.enableAuth = function() {
|
|||
var remotes = this.remotes();
|
||||
var app = this;
|
||||
|
||||
remotes.before('**', function(ctx, next, method) {
|
||||
remotes.authorization = function(ctx, next) {
|
||||
var method = ctx.method;
|
||||
var req = ctx.req;
|
||||
var Model = method.ctor;
|
||||
var modelInstance = ctx.instance;
|
||||
|
@ -354,7 +355,7 @@ app.enableAuth = function() {
|
|||
} else {
|
||||
next();
|
||||
}
|
||||
});
|
||||
};
|
||||
|
||||
this.isAuthEnabled = true;
|
||||
};
|
||||
|
|
|
@ -356,3 +356,42 @@ describe('security ACLs', function() {
|
|||
});
|
||||
});
|
||||
});
|
||||
|
||||
describe('access check', function() {
|
||||
var app;
|
||||
before(function() {
|
||||
app = loopback();
|
||||
app.use(loopback.rest());
|
||||
app.enableAuth();
|
||||
app.dataSource('test', {connector: 'memory'});
|
||||
});
|
||||
|
||||
it('should occur before other remote hooks', function(done) {
|
||||
var MyTestModel = app.model('MyTestModel', {base: 'PersistedModel', dataSource: 'test'});
|
||||
var checkAccessCalled = false;
|
||||
var beforeHookCalled = false;
|
||||
|
||||
// fake / spy on the checkAccess method
|
||||
MyTestModel.checkAccess = function() {
|
||||
var cb = arguments[arguments.length - 1];
|
||||
checkAccessCalled = true;
|
||||
var allowed = true;
|
||||
cb(null, allowed);
|
||||
};
|
||||
|
||||
MyTestModel.beforeRemote('find', function(ctx, next) {
|
||||
// ensure this is called after checkAccess
|
||||
if (!checkAccessCalled) return done(new Error('incorrect order'));
|
||||
beforeHookCalled = true;
|
||||
next();
|
||||
});
|
||||
|
||||
request(app)
|
||||
.get('/MyTestModels')
|
||||
.end(function(err, result) {
|
||||
assert(beforeHookCalled, 'the before hook should be called');
|
||||
assert(checkAccessCalled, 'checkAccess should have been called');
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
|
Loading…
Reference in New Issue