35 lines
1.2 KiB
JavaScript
35 lines
1.2 KiB
JavaScript
|
const UserError = require('vn-loopback/util/user-error');
|
||
|
|
||
|
module.exports = Self => {
|
||
|
Self.execute = async(ctx, routine, params, schema, type, options) => {
|
||
|
const userId = ctx.req.accessToken.userId;
|
||
|
const models = Self.app.models;
|
||
|
let caller = 'CALL';
|
||
|
|
||
|
params = params ?? [];
|
||
|
schema = schema ?? 'vn';
|
||
|
type = type ?? 'procedure';
|
||
|
|
||
|
const myOptions = {userId: ctx.req.accessToken.userId};
|
||
|
if (typeof options == 'object')
|
||
|
Object.assign(myOptions, options);
|
||
|
|
||
|
const chain = `${schema}.${routine}`;
|
||
|
const [canExecute] = await models.ProcsPriv.rawSql(
|
||
|
'SELECT account.user_hasRoutinePriv(?,?,?)',
|
||
|
[type.toUpperCase(), chain, userId],
|
||
|
myOptions);
|
||
|
if (!Object.values(canExecute)[0]) throw new UserError(`You don't have enough privileges`, 'ACCESS_DENIED');
|
||
|
|
||
|
const isFunction = type == 'function';
|
||
|
let argString = params.map(() => '?').join(',');
|
||
|
|
||
|
if (isFunction)
|
||
|
caller = 'SELECT';
|
||
|
const query = `${caller} ${chain}(${argString})`;
|
||
|
|
||
|
const [response] = await models.ProcsPriv.rawSql(query, params, myOptions);
|
||
|
return response;
|
||
|
};
|
||
|
};
|