Make sure defaultPermission is checked

Raymond Feng 2014-01-16 15:05:10 -08:00
parent 7212ebe805
commit a6ff22c9c1
2 changed files with 17 additions and 1 deletions


@ -406,6 +406,9 @@ ACL.checkAccess = function (context, callback) {
return; return;
} }
var resolved = self.resolvePermission(effectiveACLs, req); var resolved = self.resolvePermission(effectiveACLs, req);
if(resolved && resolved.permission === ACL.DEFAULT) {
resolved.permission = (model && model.settings.defaultPermission) || ACL.ALLOW;
}
debug('checkAccess() returns: %j', resolved); debug('checkAccess() returns: %j', resolved);
callback && callback(null, resolved); callback && callback(null, resolved);
}); });
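Review bot: The fallback in the added `resolved.permission = (model && model.settings.defaultPermission) || ACL.ALLOW;` fails open: a model that does not set `defaultPermission`, or a falsy `model`, turns every request that no ACL matched into ALLOW. If that default is kept for compatibility, state it next to the line, e.g. `// No ACL matched: use the model's defaultPermission; falls back to ALLOW when unset`. The configured string is also copied into the result unchecked, so a misspelled or differently cased value would reach callers as a permission that equals none of the ACL constants; how callers treat such a value is not visible here. Checking the setting against the known ACL permission constants before assigning it would close that gap. ACL.checkAccess starts before the hunk and its end is not visible.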


@ -213,7 +213,8 @@ describe('security ACLs', function () {
}, { }, {
acls: [ acls: [
{principalType: ACL.USER, principalId: userId, accessType: ACL.ALL, permission: ACL.ALLOW} {principalType: ACL.USER, principalId: userId, accessType: ACL.ALL, permission: ACL.ALLOW}
] ],
defaultPermission: 'DENY'
}); });
ACL.create({principalType: ACL.USER, principalId: userId, model: 'Customer', property: ACL.ALL, ACL.create({principalType: ACL.USER, principalId: userId, model: 'Customer', property: ACL.ALL,
@ -243,6 +244,18 @@ describe('security ACLs', function () {
}, function(err, access) { }, function(err, access) {
assert(!err && access.permission === ACL.ALLOW); assert(!err && access.permission === ACL.ALLOW);
}); });
ACL.checkAccess({
principals: [
{type: ACL.ROLE, id: Role.EVERYONE}
],
model: 'Customer',
property: 'name',
accessType: ACL.READ
}, function(err, access) {
assert(!err && access.permission === ACL.DENY);
});
}); });
}); });
}); });
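Review bot: The added `ACL.checkAccess` call for `Role.EVERYONE` asserts DENY inside its callback, but nothing in the visible lines signals completion to the test runner. If the enclosing `it` (which starts outside the hunk) takes no `done` callback, the assertion can run after the test has already been reported as passed. As this is the only check of the deny-by-default path, it is worth making it binding by chaining the calls and calling `done()` in the last callback. Splitting the check into `assert(!err);` and `assert.strictEqual(access.permission, ACL.DENY);` would also show which condition failed. The fallback to ALLOW when `defaultPermission` is unset has no test in this section.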