2023-11-10 09:58:58 +00:00
|
|
|
const UserError = require('vn-loopback/util/user-error');
|
|
|
|
|
|
|
|
module.exports = Self => {
|
2023-11-14 08:17:46 +00:00
|
|
|
Self.execute = async(ctx, type, query, params, options) => {
|
2023-11-10 09:58:58 +00:00
|
|
|
const userId = ctx.req.accessToken.userId;
|
|
|
|
const models = Self.app.models;
|
|
|
|
params = params ?? [];
|
|
|
|
|
|
|
|
const myOptions = {userId: ctx.req.accessToken.userId};
|
|
|
|
if (typeof options == 'object')
|
|
|
|
Object.assign(myOptions, options);
|
|
|
|
|
2023-11-14 08:17:46 +00:00
|
|
|
const chain = query.split(' ')[1];
|
2023-11-13 08:36:20 +00:00
|
|
|
|
2023-11-10 09:58:58 +00:00
|
|
|
const [canExecute] = await models.ProcsPriv.rawSql(
|
|
|
|
'SELECT account.user_hasRoutinePriv(?,?,?)',
|
2023-11-14 08:17:46 +00:00
|
|
|
[type, chain, userId],
|
2023-11-10 09:58:58 +00:00
|
|
|
myOptions);
|
2023-11-13 08:36:20 +00:00
|
|
|
|
2023-11-10 09:58:58 +00:00
|
|
|
if (!Object.values(canExecute)[0]) throw new UserError(`You don't have enough privileges`, 'ACCESS_DENIED');
|
|
|
|
|
2023-11-14 08:17:46 +00:00
|
|
|
const argString = params.map(() => '?').join(',');
|
2023-11-10 09:58:58 +00:00
|
|
|
|
2023-11-14 13:02:40 +00:00
|
|
|
const response = await models.ProcsPriv.rawSql(query + `(${argString})`, params, myOptions);
|
|
|
|
if (!Array.isArray(response)) return;
|
|
|
|
return response[0];
|
2023-11-10 09:58:58 +00:00
|
|
|
};
|
|
|
|
};
|