Merge branch 'release/2.1.1' into production

This commit is contained in:
Raymond Feng 2014-08-08 16:01:22 -07:00
commit dfd7d411d4
9 changed files with 79 additions and 27 deletions

View File

@ -323,6 +323,7 @@ app.enableAuth = function() {
req.accessToken, req.accessToken,
modelId, modelId,
method, method,
ctx,
function(err, allowed) { function(err, allowed) {
// Emit any cached data events that fired while checking access. // Emit any cached data events that fired while checking access.
req.resume(); req.resume();

View File

@ -66,6 +66,7 @@ function AccessContext(context) {
if (token.appId) { if (token.appId) {
this.addPrincipal(Principal.APPLICATION, token.appId); this.addPrincipal(Principal.APPLICATION, token.appId);
} }
this.remotingContext = context.remotingContext;
} }
// Define constant for the wildcard // Define constant for the wildcard

View File

@ -185,10 +185,9 @@ Model.setup = function () {
// resolve relation functions // resolve relation functions
sharedClass.resolve(function resolver(define) { sharedClass.resolve(function resolver(define) {
var relations = ModelCtor.relations;
if (!relations) { var relations = ModelCtor.relations || {};
return;
}
// get the relations // get the relations
for (var relationName in relations) { for (var relationName in relations) {
var relation = relations[relationName]; var relation = relations[relationName];
@ -201,11 +200,14 @@ Model.setup = function () {
relation.type === 'embedsMany' || relation.type === 'embedsMany' ||
relation.type === 'referencesMany') { relation.type === 'referencesMany') {
ModelCtor.hasManyRemoting(relationName, relation, define); ModelCtor.hasManyRemoting(relationName, relation, define);
ModelCtor.scopeRemoting(relationName, relation, define);
} else {
ModelCtor.scopeRemoting(relationName, relation, define);
} }
} }
// handle scopes
var scopes = ModelCtor.scopes || {};
for (var scopeName in scopes) {
ModelCtor.scopeRemoting(scopeName, scopes[scopeName], define);
}
}); });
return ModelCtor; return ModelCtor;
@ -234,16 +236,23 @@ Model._ACL = function getACL(ACL) {
* @param {AccessToken} token The access token * @param {AccessToken} token The access token
* @param {*} modelId The model ID. * @param {*} modelId The model ID.
* @param {SharedMethod} sharedMethod The method in question * @param {SharedMethod} sharedMethod The method in question
* @param {Object} ctx The remote invocation context
* @callback {Function} callback The callback function * @callback {Function} callback The callback function
* @param {String|Error} err The error object * @param {String|Error} err The error object
* @param {Boolean} allowed True if the request is allowed; false otherwise. * @param {Boolean} allowed True if the request is allowed; false otherwise.
*/ */
Model.checkAccess = function(token, modelId, sharedMethod, callback) { Model.checkAccess = function(token, modelId, sharedMethod, ctx, callback) {
var ANONYMOUS = require('./access-token').ANONYMOUS; var ANONYMOUS = require('./access-token').ANONYMOUS;
token = token || ANONYMOUS; token = token || ANONYMOUS;
var aclModel = Model._ACL(); var aclModel = Model._ACL();
ctx = ctx || {};
if(typeof ctx === 'function' && callback === undefined) {
callback = ctx;
ctx = {};
}
aclModel.checkAccessForContext({ aclModel.checkAccessForContext({
accessToken: token, accessToken: token,
model: this, model: this,
@ -251,7 +260,8 @@ Model.checkAccess = function(token, modelId, sharedMethod, callback) {
method: sharedMethod.name, method: sharedMethod.name,
sharedMethod: sharedMethod, sharedMethod: sharedMethod,
modelId: modelId, modelId: modelId,
accessType: this._getAccessTypeForMethod(sharedMethod) accessType: this._getAccessTypeForMethod(sharedMethod),
remotingContext: ctx
}, function(err, accessRequest) { }, function(err, accessRequest) {
if(err) return callback(err); if(err) return callback(err);
callback(null, accessRequest.isAllowed()); callback(null, accessRequest.isAllowed());
@ -346,6 +356,8 @@ Model.remoteMethod = function(name, options) {
} }
Model.belongsToRemoting = function(relationName, relation, define) { Model.belongsToRemoting = function(relationName, relation, define) {
var modelName = relation.modelTo && relation.modelTo.modelName;
modelName = modelName || 'PersistedModel';
var fn = this.prototype[relationName]; var fn = this.prototype[relationName];
var pathName = (relation.options.http && relation.options.http.path) || relationName; var pathName = (relation.options.http && relation.options.http.path) || relationName;
define('__get__' + relationName, { define('__get__' + relationName, {
@ -353,7 +365,7 @@ Model.belongsToRemoting = function(relationName, relation, define) {
http: {verb: 'get', path: '/' + pathName}, http: {verb: 'get', path: '/' + pathName},
accepts: {arg: 'refresh', type: 'boolean', http: {source: 'query'}}, accepts: {arg: 'refresh', type: 'boolean', http: {source: 'query'}},
description: 'Fetches belongsTo relation ' + relationName, description: 'Fetches belongsTo relation ' + relationName,
returns: {arg: relationName, type: relation.modelTo.modelName, root: true} returns: {arg: relationName, type: modelName, root: true}
}, fn); }, fn);
} }
@ -464,30 +476,32 @@ Model.hasManyRemoting = function (relationName, relation, define) {
} }
}; };
Model.scopeRemoting = function(relationName, relation, define) { Model.scopeRemoting = function(scopeName, scope, define) {
var pathName = (relation.options.http && relation.options.http.path) || relationName; var pathName = (scope.options && scope.options.http && scope.options.http.path)
var toModelName = relation.modelTo.modelName; || scopeName;
var isStatic = scope.isStatic;
var toModelName = scope.modelTo.modelName;
define('__get__' + relationName, { define('__get__' + scopeName, {
isStatic: false, isStatic: isStatic,
http: {verb: 'get', path: '/' + pathName}, http: {verb: 'get', path: '/' + pathName},
accepts: {arg: 'filter', type: 'object'}, accepts: {arg: 'filter', type: 'object'},
description: 'Queries ' + relationName + ' of ' + this.modelName + '.', description: 'Queries ' + scopeName + ' of ' + this.modelName + '.',
returns: {arg: relationName, type: [toModelName], root: true} returns: {arg: scopeName, type: [toModelName], root: true}
}); });
define('__create__' + relationName, { define('__create__' + scopeName, {
isStatic: false, isStatic: isStatic,
http: {verb: 'post', path: '/' + pathName}, http: {verb: 'post', path: '/' + pathName},
accepts: {arg: 'data', type: toModelName, http: {source: 'body'}}, accepts: {arg: 'data', type: toModelName, http: {source: 'body'}},
description: 'Creates a new instance in ' + relationName + ' of this model.', description: 'Creates a new instance in ' + scopeName + ' of this model.',
returns: {arg: 'data', type: toModelName, root: true} returns: {arg: 'data', type: toModelName, root: true}
}); });
define('__delete__' + relationName, { define('__delete__' + scopeName, {
isStatic: false, isStatic: isStatic,
http: {verb: 'delete', path: '/' + pathName}, http: {verb: 'delete', path: '/' + pathName},
description: 'Deletes all ' + relationName + ' of this model.' description: 'Deletes all ' + scopeName + ' of this model.'
}); });
}; };

View File

@ -289,7 +289,7 @@ User.prototype.verify = function (options, fn) {
options.user = this; options.user = this;
options.protocol = options.protocol || 'http'; options.protocol = options.protocol || 'http';
var app = this.app; var app = userModel.app;
options.host = options.host || (app && app.get('host')) || 'localhost'; options.host = options.host || (app && app.get('host')) || 'localhost';
options.port = options.port || (app && app.get('port')) || 3000; options.port = options.port || (app && app.get('port')) || 3000;
options.restApiRoot = options.restApiRoot || (app && app.get('restApiRoot')) || '/api'; options.restApiRoot = options.restApiRoot || (app && app.get('restApiRoot')) || '/api';

View File

@ -26,7 +26,7 @@
"mobile", "mobile",
"mBaaS" "mBaaS"
], ],
"version": "2.1.0", "version": "2.1.1",
"scripts": { "scripts": {
"test": "grunt mocha-and-karma" "test": "grunt mocha-and-karma"
}, },

View File

@ -160,6 +160,19 @@ describe('access control - integration', function () {
}); });
describe('/accounts', function () { describe('/accounts', function () {
var count = 0;
before(function() {
var roleModel = loopback.getModelByType(loopback.Role);
roleModel.registerResolver('$dummy', function (role, context, callback) {
process.nextTick(function () {
if(context.remotingContext) {
count++;
}
callback && callback(null, false); // Always true
});
});
});
lt.beforeEach.givenModel('account'); lt.beforeEach.givenModel('account');
lt.it.shouldBeDeniedWhenCalledAnonymously('GET', '/api/accounts'); lt.it.shouldBeDeniedWhenCalledAnonymously('GET', '/api/accounts');
@ -170,7 +183,6 @@ describe('access control - integration', function () {
lt.it.shouldBeDeniedWhenCalledUnauthenticated('GET', urlForAccount); lt.it.shouldBeDeniedWhenCalledUnauthenticated('GET', urlForAccount);
lt.it.shouldBeDeniedWhenCalledByUser(CURRENT_USER, 'GET', urlForAccount); lt.it.shouldBeDeniedWhenCalledByUser(CURRENT_USER, 'GET', urlForAccount);
lt.it.shouldBeDeniedWhenCalledAnonymously('POST', '/api/accounts'); lt.it.shouldBeDeniedWhenCalledAnonymously('POST', '/api/accounts');
lt.it.shouldBeDeniedWhenCalledUnauthenticated('POST', '/api/accounts'); lt.it.shouldBeDeniedWhenCalledUnauthenticated('POST', '/api/accounts');
lt.it.shouldBeDeniedWhenCalledByUser(CURRENT_USER, 'POST', '/api/accounts'); lt.it.shouldBeDeniedWhenCalledByUser(CURRENT_USER, 'POST', '/api/accounts');

View File

@ -124,6 +124,13 @@
"principalType": "ROLE", "principalType": "ROLE",
"principalId": "$owner", "principalId": "$owner",
"property": "deleteById" "property": "deleteById"
},
{
"accessType": "*",
"permission": "DENY",
"property": "find",
"principalType": "ROLE",
"principalId": "$dummy"
} }
] ]
}, },

View File

@ -45,6 +45,13 @@
"public": true, "public": true,
"dataSource": "db", "dataSource": "db",
"options": { "options": {
"scopes": {
"superStores": {
"where": {
"size": "super"
}
}
},
"relations": { "relations": {
"widgets": { "widgets": {
"model": "widget", "model": "widget",

View File

@ -25,6 +25,16 @@ describe('relations - integration', function () {
this.app.models.widget.destroyAll(done); this.app.models.widget.destroyAll(done);
}); });
describe('/store/superStores', function() {
it('should invoke scoped methods remotely', function(done) {
this.get('/api/stores/superStores')
.expect(200, function(err, res) {
expect(res.body).to.be.array;
done();
});
});
});
describe('/store/:id/widgets', function () { describe('/store/:id/widgets', function () {
beforeEach(function() { beforeEach(function() {
this.url = '/api/stores/' + this.store.id + '/widgets'; this.url = '/api/stores/' + this.store.id + '/widgets';