verdnatura-mirror
/
loopback
mirror of https://github.com/strongloop/loopback.git
0
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add more comments

This commit is contained in:
Raymond Feng 2014-03-19 16:24:50 -07:00
parent 328a72ac91
commit aaaa28d569
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/models/acl.js
View File

@ -138,7 +138,12 @@ ACL.getMatchingScore = function getMatchingScore(rule, req) {
}
}
// Weigh agaist the principal type
// Weigh against the principal type into 4 levels
// - user level (explicitly allow/deny a given user)
// - app level (explicitly allow/deny a given app)
// - role level (role based authorization)
// - other
// user > app > role > ...
score = score * 4;
switch(rule.principalType) {
case ACL.USER:
@ -155,6 +160,7 @@ ACL.getMatchingScore = function getMatchingScore(rule, req) {
}
// Weigh against the roles
// everyone < authenticated/unauthenticated < related < owner < ...
score = score * 8;
if(rule.principalType === ACL.ROLE) {
switch(rule.principalId) {