verdnatura-mirror
/
loopback
mirror of https://github.com/strongloop/loopback.git
0
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Static ACL support array of properties now

This commit is contained in:
ulion 2015-03-05 18:35:18 +08:00
parent 84c65de38a
commit 9f705139f8
2 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
common/models/acl.js
View File

@ -256,10 +256,14 @@ module.exports = function(ACL) {
var staticACLs = [];
if (modelClass && modelClass.settings.acls) {
modelClass.settings.acls.forEach(function(acl) {
if (!acl.property || acl.property === ACL.ALL || property === acl.property) {
var prop = acl.property;
// We support static ACL property with array of string values.
if (Array.isArray(prop) && prop.indexOf(property) >= 0)
prop = property;
if (!prop || prop === ACL.ALL || property === prop) {
staticACLs.push(new ACL({
model: model,
property: acl.property || ACL.ALL,
property: prop || ACL.ALL,
principalType: acl.principalType,
principalId: acl.principalId, // TODO: Should it be a name?
accessType: acl.accessType || ACL.ALL,

6
test/acl.test.js
View File

@ -266,6 +266,8 @@ describe('security ACLs', function() {
{principalType: ACL.USER, principalId: 'u001', property: 'name',
accessType: ACL.ALL, permission: ACL.ALLOW},
{principalType: ACL.USER, principalId: 'u002', property: 'findOne',
accessType: ACL.ALL, permission: ACL.ALLOW},
{principalType: ACL.USER, principalId: 'u003', property: ['findOne', 'findById'],
accessType: ACL.ALL, permission: ACL.ALLOW}
]
});
@ -274,7 +276,11 @@ describe('security ACLs', function() {
assert(staticACLs.length === 3);
staticACLs = ACL.getStaticACLs('Model1', 'findOne');
assert(staticACLs.length === 2);
staticACLs = ACL.getStaticACLs('Model1', 'findById');
assert(staticACLs.length === 1);
assert(staticACLs[0].property === 'findById');
});
it('should check access against LDL, ACL, and Role', function() {