verdnatura-mirror
/
loopback
mirror of https://github.com/strongloop/loopback.git
0
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Support scopes defined via model settings

This commit is contained in:
Miroslav Bajtoš 2017-03-29 14:23:26 +02:00 committed by ebarault
parent fab857dd5f
commit a035db9624
2 changed files with 57 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
lib/access-context.js
View File

@ -207,12 +207,28 @@ AccessContext.prototype.getScopes = function() {
// are assigned a single "DEFAULT" scope // are assigned a single "DEFAULT" scope
const methodLevel = this.sharedMethod.accessScopes || DEFAULT_SCOPES; const methodLevel = this.sharedMethod.accessScopes || DEFAULT_SCOPES;
// TODO add model-level and app-level scopes // TODO app-level scopes
const modelSettings = this.sharedMethod.sharedClass.ctor.settings || {};
const modelScopes = modelSettings.accessScopes || {};
const allMethodNames = [this.sharedMethod.name]
.concat(this.sharedMethod.aliases)
.map(n => (this.sharedMethod.isStatic ? '' : 'prototype.') + n);
debug('--Context scopes of %s()--', this.sharedMethod.stringName); debug('--Context scopes of %s()--', this.sharedMethod.stringName);
debug(' method-level: %j', methodLevel); debug(' method-level: %j', methodLevel);
debug(' model-level:');
let modelLevel = [];
allMethodNames.forEach(alias => {
const scopes = modelScopes[alias];
if (!scopes) return;
modelLevel = modelLevel.concat(scopes);
debug(' - %s: %j', alias, scopes);
});
if (!modelLevel.length)
debug(' (empty)');
return methodLevel; return methodLevel.concat(modelLevel);
}; };
/** /**

39
test/authorization-scopes.test.js
View File

@ -69,6 +69,45 @@ describe('Authorization scopes', () => {
}); });
}); });
describe('scope config defined at model-level', () => {
beforeEach(logAllServerErrors);
it('hounours scope defined for method name', () => {
User.settings.accessScopes = {
findById: ['read'],
};
return givenScopedToken(['read']).then(() => {
return request.get('/users/' + testUser.id)
.set('Authorization', scopedToken.id)
.expect(200);
});
});
it('honours scope defined for method alias', () => {
User.settings.accessScopes = {
'prototype.updateAttributes': ['write'],
};
return givenScopedToken(['write']).then(() => {
return request.patch('/users/' + testUser.id)
.send({username: 'test-user'})
.set('Authorization', scopedToken.id)
.expect(200);
});
});
it('adds model-level scopes to method-level scopes', () => {
User.settings.accessScopes = {
findById: ['read'],
};
return request.get('/users/' + testUser.id)
.set('Authorization', regularToken.id)
.expect(200);
});
});
function givenAppAndRequest() { function givenAppAndRequest() {
app = loopback({localRegistry: true, loadBuiltinModels: true}); app = loopback({localRegistry: true, loadBuiltinModels: true});
app.set('remoting', {rest: {handleErrors: false}}); app.set('remoting', {rest: {handleErrors: false}});