Merge branch 'release/2.1.1' into production
This commit is contained in:
commit
dfd7d411d4
|
@ -323,6 +323,7 @@ app.enableAuth = function() {
|
||||||
req.accessToken,
|
req.accessToken,
|
||||||
modelId,
|
modelId,
|
||||||
method,
|
method,
|
||||||
|
ctx,
|
||||||
function(err, allowed) {
|
function(err, allowed) {
|
||||||
// Emit any cached data events that fired while checking access.
|
// Emit any cached data events that fired while checking access.
|
||||||
req.resume();
|
req.resume();
|
||||||
|
|
|
@ -66,6 +66,7 @@ function AccessContext(context) {
|
||||||
if (token.appId) {
|
if (token.appId) {
|
||||||
this.addPrincipal(Principal.APPLICATION, token.appId);
|
this.addPrincipal(Principal.APPLICATION, token.appId);
|
||||||
}
|
}
|
||||||
|
this.remotingContext = context.remotingContext;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Define constant for the wildcard
|
// Define constant for the wildcard
|
||||||
|
|
|
@ -185,10 +185,9 @@ Model.setup = function () {
|
||||||
|
|
||||||
// resolve relation functions
|
// resolve relation functions
|
||||||
sharedClass.resolve(function resolver(define) {
|
sharedClass.resolve(function resolver(define) {
|
||||||
var relations = ModelCtor.relations;
|
|
||||||
if (!relations) {
|
var relations = ModelCtor.relations || {};
|
||||||
return;
|
|
||||||
}
|
|
||||||
// get the relations
|
// get the relations
|
||||||
for (var relationName in relations) {
|
for (var relationName in relations) {
|
||||||
var relation = relations[relationName];
|
var relation = relations[relationName];
|
||||||
|
@ -201,11 +200,14 @@ Model.setup = function () {
|
||||||
relation.type === 'embedsMany' ||
|
relation.type === 'embedsMany' ||
|
||||||
relation.type === 'referencesMany') {
|
relation.type === 'referencesMany') {
|
||||||
ModelCtor.hasManyRemoting(relationName, relation, define);
|
ModelCtor.hasManyRemoting(relationName, relation, define);
|
||||||
ModelCtor.scopeRemoting(relationName, relation, define);
|
|
||||||
} else {
|
|
||||||
ModelCtor.scopeRemoting(relationName, relation, define);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// handle scopes
|
||||||
|
var scopes = ModelCtor.scopes || {};
|
||||||
|
for (var scopeName in scopes) {
|
||||||
|
ModelCtor.scopeRemoting(scopeName, scopes[scopeName], define);
|
||||||
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
return ModelCtor;
|
return ModelCtor;
|
||||||
|
@ -234,16 +236,23 @@ Model._ACL = function getACL(ACL) {
|
||||||
* @param {AccessToken} token The access token
|
* @param {AccessToken} token The access token
|
||||||
* @param {*} modelId The model ID.
|
* @param {*} modelId The model ID.
|
||||||
* @param {SharedMethod} sharedMethod The method in question
|
* @param {SharedMethod} sharedMethod The method in question
|
||||||
|
* @param {Object} ctx The remote invocation context
|
||||||
* @callback {Function} callback The callback function
|
* @callback {Function} callback The callback function
|
||||||
* @param {String|Error} err The error object
|
* @param {String|Error} err The error object
|
||||||
* @param {Boolean} allowed True if the request is allowed; false otherwise.
|
* @param {Boolean} allowed True if the request is allowed; false otherwise.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
Model.checkAccess = function(token, modelId, sharedMethod, callback) {
|
Model.checkAccess = function(token, modelId, sharedMethod, ctx, callback) {
|
||||||
var ANONYMOUS = require('./access-token').ANONYMOUS;
|
var ANONYMOUS = require('./access-token').ANONYMOUS;
|
||||||
token = token || ANONYMOUS;
|
token = token || ANONYMOUS;
|
||||||
var aclModel = Model._ACL();
|
var aclModel = Model._ACL();
|
||||||
|
|
||||||
|
ctx = ctx || {};
|
||||||
|
if(typeof ctx === 'function' && callback === undefined) {
|
||||||
|
callback = ctx;
|
||||||
|
ctx = {};
|
||||||
|
}
|
||||||
|
|
||||||
aclModel.checkAccessForContext({
|
aclModel.checkAccessForContext({
|
||||||
accessToken: token,
|
accessToken: token,
|
||||||
model: this,
|
model: this,
|
||||||
|
@ -251,7 +260,8 @@ Model.checkAccess = function(token, modelId, sharedMethod, callback) {
|
||||||
method: sharedMethod.name,
|
method: sharedMethod.name,
|
||||||
sharedMethod: sharedMethod,
|
sharedMethod: sharedMethod,
|
||||||
modelId: modelId,
|
modelId: modelId,
|
||||||
accessType: this._getAccessTypeForMethod(sharedMethod)
|
accessType: this._getAccessTypeForMethod(sharedMethod),
|
||||||
|
remotingContext: ctx
|
||||||
}, function(err, accessRequest) {
|
}, function(err, accessRequest) {
|
||||||
if(err) return callback(err);
|
if(err) return callback(err);
|
||||||
callback(null, accessRequest.isAllowed());
|
callback(null, accessRequest.isAllowed());
|
||||||
|
@ -346,6 +356,8 @@ Model.remoteMethod = function(name, options) {
|
||||||
}
|
}
|
||||||
|
|
||||||
Model.belongsToRemoting = function(relationName, relation, define) {
|
Model.belongsToRemoting = function(relationName, relation, define) {
|
||||||
|
var modelName = relation.modelTo && relation.modelTo.modelName;
|
||||||
|
modelName = modelName || 'PersistedModel';
|
||||||
var fn = this.prototype[relationName];
|
var fn = this.prototype[relationName];
|
||||||
var pathName = (relation.options.http && relation.options.http.path) || relationName;
|
var pathName = (relation.options.http && relation.options.http.path) || relationName;
|
||||||
define('__get__' + relationName, {
|
define('__get__' + relationName, {
|
||||||
|
@ -353,7 +365,7 @@ Model.belongsToRemoting = function(relationName, relation, define) {
|
||||||
http: {verb: 'get', path: '/' + pathName},
|
http: {verb: 'get', path: '/' + pathName},
|
||||||
accepts: {arg: 'refresh', type: 'boolean', http: {source: 'query'}},
|
accepts: {arg: 'refresh', type: 'boolean', http: {source: 'query'}},
|
||||||
description: 'Fetches belongsTo relation ' + relationName,
|
description: 'Fetches belongsTo relation ' + relationName,
|
||||||
returns: {arg: relationName, type: relation.modelTo.modelName, root: true}
|
returns: {arg: relationName, type: modelName, root: true}
|
||||||
}, fn);
|
}, fn);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -464,30 +476,32 @@ Model.hasManyRemoting = function (relationName, relation, define) {
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
Model.scopeRemoting = function(relationName, relation, define) {
|
Model.scopeRemoting = function(scopeName, scope, define) {
|
||||||
var pathName = (relation.options.http && relation.options.http.path) || relationName;
|
var pathName = (scope.options && scope.options.http && scope.options.http.path)
|
||||||
var toModelName = relation.modelTo.modelName;
|
|| scopeName;
|
||||||
|
var isStatic = scope.isStatic;
|
||||||
|
var toModelName = scope.modelTo.modelName;
|
||||||
|
|
||||||
define('__get__' + relationName, {
|
define('__get__' + scopeName, {
|
||||||
isStatic: false,
|
isStatic: isStatic,
|
||||||
http: {verb: 'get', path: '/' + pathName},
|
http: {verb: 'get', path: '/' + pathName},
|
||||||
accepts: {arg: 'filter', type: 'object'},
|
accepts: {arg: 'filter', type: 'object'},
|
||||||
description: 'Queries ' + relationName + ' of ' + this.modelName + '.',
|
description: 'Queries ' + scopeName + ' of ' + this.modelName + '.',
|
||||||
returns: {arg: relationName, type: [toModelName], root: true}
|
returns: {arg: scopeName, type: [toModelName], root: true}
|
||||||
});
|
});
|
||||||
|
|
||||||
define('__create__' + relationName, {
|
define('__create__' + scopeName, {
|
||||||
isStatic: false,
|
isStatic: isStatic,
|
||||||
http: {verb: 'post', path: '/' + pathName},
|
http: {verb: 'post', path: '/' + pathName},
|
||||||
accepts: {arg: 'data', type: toModelName, http: {source: 'body'}},
|
accepts: {arg: 'data', type: toModelName, http: {source: 'body'}},
|
||||||
description: 'Creates a new instance in ' + relationName + ' of this model.',
|
description: 'Creates a new instance in ' + scopeName + ' of this model.',
|
||||||
returns: {arg: 'data', type: toModelName, root: true}
|
returns: {arg: 'data', type: toModelName, root: true}
|
||||||
});
|
});
|
||||||
|
|
||||||
define('__delete__' + relationName, {
|
define('__delete__' + scopeName, {
|
||||||
isStatic: false,
|
isStatic: isStatic,
|
||||||
http: {verb: 'delete', path: '/' + pathName},
|
http: {verb: 'delete', path: '/' + pathName},
|
||||||
description: 'Deletes all ' + relationName + ' of this model.'
|
description: 'Deletes all ' + scopeName + ' of this model.'
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -289,7 +289,7 @@ User.prototype.verify = function (options, fn) {
|
||||||
options.user = this;
|
options.user = this;
|
||||||
options.protocol = options.protocol || 'http';
|
options.protocol = options.protocol || 'http';
|
||||||
|
|
||||||
var app = this.app;
|
var app = userModel.app;
|
||||||
options.host = options.host || (app && app.get('host')) || 'localhost';
|
options.host = options.host || (app && app.get('host')) || 'localhost';
|
||||||
options.port = options.port || (app && app.get('port')) || 3000;
|
options.port = options.port || (app && app.get('port')) || 3000;
|
||||||
options.restApiRoot = options.restApiRoot || (app && app.get('restApiRoot')) || '/api';
|
options.restApiRoot = options.restApiRoot || (app && app.get('restApiRoot')) || '/api';
|
||||||
|
|
|
@ -26,7 +26,7 @@
|
||||||
"mobile",
|
"mobile",
|
||||||
"mBaaS"
|
"mBaaS"
|
||||||
],
|
],
|
||||||
"version": "2.1.0",
|
"version": "2.1.1",
|
||||||
"scripts": {
|
"scripts": {
|
||||||
"test": "grunt mocha-and-karma"
|
"test": "grunt mocha-and-karma"
|
||||||
},
|
},
|
||||||
|
|
|
@ -160,6 +160,19 @@ describe('access control - integration', function () {
|
||||||
});
|
});
|
||||||
|
|
||||||
describe('/accounts', function () {
|
describe('/accounts', function () {
|
||||||
|
var count = 0;
|
||||||
|
before(function() {
|
||||||
|
var roleModel = loopback.getModelByType(loopback.Role);
|
||||||
|
roleModel.registerResolver('$dummy', function (role, context, callback) {
|
||||||
|
process.nextTick(function () {
|
||||||
|
if(context.remotingContext) {
|
||||||
|
count++;
|
||||||
|
}
|
||||||
|
callback && callback(null, false); // Always true
|
||||||
|
});
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
lt.beforeEach.givenModel('account');
|
lt.beforeEach.givenModel('account');
|
||||||
|
|
||||||
lt.it.shouldBeDeniedWhenCalledAnonymously('GET', '/api/accounts');
|
lt.it.shouldBeDeniedWhenCalledAnonymously('GET', '/api/accounts');
|
||||||
|
@ -170,7 +183,6 @@ describe('access control - integration', function () {
|
||||||
lt.it.shouldBeDeniedWhenCalledUnauthenticated('GET', urlForAccount);
|
lt.it.shouldBeDeniedWhenCalledUnauthenticated('GET', urlForAccount);
|
||||||
lt.it.shouldBeDeniedWhenCalledByUser(CURRENT_USER, 'GET', urlForAccount);
|
lt.it.shouldBeDeniedWhenCalledByUser(CURRENT_USER, 'GET', urlForAccount);
|
||||||
|
|
||||||
|
|
||||||
lt.it.shouldBeDeniedWhenCalledAnonymously('POST', '/api/accounts');
|
lt.it.shouldBeDeniedWhenCalledAnonymously('POST', '/api/accounts');
|
||||||
lt.it.shouldBeDeniedWhenCalledUnauthenticated('POST', '/api/accounts');
|
lt.it.shouldBeDeniedWhenCalledUnauthenticated('POST', '/api/accounts');
|
||||||
lt.it.shouldBeDeniedWhenCalledByUser(CURRENT_USER, 'POST', '/api/accounts');
|
lt.it.shouldBeDeniedWhenCalledByUser(CURRENT_USER, 'POST', '/api/accounts');
|
||||||
|
|
|
@ -124,6 +124,13 @@
|
||||||
"principalType": "ROLE",
|
"principalType": "ROLE",
|
||||||
"principalId": "$owner",
|
"principalId": "$owner",
|
||||||
"property": "deleteById"
|
"property": "deleteById"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"accessType": "*",
|
||||||
|
"permission": "DENY",
|
||||||
|
"property": "find",
|
||||||
|
"principalType": "ROLE",
|
||||||
|
"principalId": "$dummy"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
|
|
@ -45,6 +45,13 @@
|
||||||
"public": true,
|
"public": true,
|
||||||
"dataSource": "db",
|
"dataSource": "db",
|
||||||
"options": {
|
"options": {
|
||||||
|
"scopes": {
|
||||||
|
"superStores": {
|
||||||
|
"where": {
|
||||||
|
"size": "super"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
"relations": {
|
"relations": {
|
||||||
"widgets": {
|
"widgets": {
|
||||||
"model": "widget",
|
"model": "widget",
|
||||||
|
|
|
@ -25,6 +25,16 @@ describe('relations - integration', function () {
|
||||||
this.app.models.widget.destroyAll(done);
|
this.app.models.widget.destroyAll(done);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
describe('/store/superStores', function() {
|
||||||
|
it('should invoke scoped methods remotely', function(done) {
|
||||||
|
this.get('/api/stores/superStores')
|
||||||
|
.expect(200, function(err, res) {
|
||||||
|
expect(res.body).to.be.array;
|
||||||
|
done();
|
||||||
|
});
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
describe('/store/:id/widgets', function () {
|
describe('/store/:id/widgets', function () {
|
||||||
beforeEach(function() {
|
beforeEach(function() {
|
||||||
this.url = '/api/stores/' + this.store.id + '/widgets';
|
this.url = '/api/stores/' + this.store.id + '/widgets';
|
||||||
|
|
Loading…
Reference in New Issue