Use the new remoting.authorization hook for check access

This commit is contained in:
Ritchie Martori 2015-05-06 13:51:14 -07:00
parent 694ab814f9
commit 9cde2a45be
2 changed files with 42 additions and 2 deletions

View File

@ -295,7 +295,8 @@ app.enableAuth = function() {
var remotes = this.remotes();
var app = this;
remotes.before('**', function(ctx, next, method) {
remotes.authorization = function(ctx, next) {
var method = ctx.method;
var req = ctx.req;
var Model = method.ctor;
var modelInstance = ctx.instance;
@ -354,7 +355,7 @@ app.enableAuth = function() {
} else {
next();
}
});
};
this.isAuthEnabled = true;
};

View File

@ -356,3 +356,42 @@ describe('security ACLs', function() {
});
});
});
describe('access check', function() {
var app;
before(function() {
app = loopback();
app.use(loopback.rest());
app.enableAuth();
app.dataSource('test', {connector: 'memory'});
});
it('should occur before other remote hooks', function(done) {
var MyTestModel = app.model('MyTestModel', {base: 'PersistedModel', dataSource: 'test'});
var checkAccessCalled = false;
var beforeHookCalled = false;
// fake / spy on the checkAccess method
MyTestModel.checkAccess = function() {
var cb = arguments[arguments.length - 1];
checkAccessCalled = true;
var allowed = true;
cb(null, allowed);
};
MyTestModel.beforeRemote('find', function(ctx, next) {
// ensure this is called after checkAccess
if (!checkAccessCalled) return done(new Error('incorrect order'));
beforeHookCalled = true;
next();
});
request(app)
.get('/MyTestModels')
.end(function(err, result) {
assert(beforeHookCalled, 'the before hook should be called');
assert(checkAccessCalled, 'checkAccess should have been called');
done();
});
});
});