2018-07-09 16:06:25 +00:00
|
|
|
|
|
|
|
|
const ParameterizedSQL = require('loopback-connector').ParameterizedSQL;
|
2018-10-23 09:25:51 +00:00
|
|
|
const UserError = require('../helpers').UserError;
|
2018-07-09 16:06:25 +00:00
|
|
|
|
2017-10-13 14:22:45 +00:00
|
|
|
module.exports = function(Self) {
|
2018-10-15 09:43:57 +00:00
|
|
|
Self.ParameterizedSQL = ParameterizedSQL;
|
|
|
|
|
|
2018-10-30 12:58:02 +00:00
|
|
|
require('../methods/vn-model/validateBinded')(Self);
|
|
|
|
|
require('../methods/vn-model/rewriteDbError')(Self);
|
|
|
|
|
require('../methods/vn-model/getSetValues')(Self);
|
|
|
|
|
|
2017-10-13 14:22:45 +00:00
|
|
|
Self.setup = function() {
|
|
|
|
|
Self.super_.setup.call(this);
|
2018-10-23 09:25:51 +00:00
|
|
|
|
|
|
|
|
// Register field ACL validation
|
|
|
|
|
this.beforeRemote('prototype.patchAttributes', ctx => this.checkUpdateAcls(ctx));
|
|
|
|
|
this.beforeRemote('updateAll', ctx => this.checkUpdateAcls(ctx));
|
|
|
|
|
this.beforeRemote('patchOrCreate', ctx => this.checkInsertAcls(ctx));
|
|
|
|
|
this.beforeRemote('create', ctx => this.checkInsertAcls(ctx));
|
|
|
|
|
this.beforeRemote('replaceById', ctx => this.checkInsertAcls(ctx));
|
|
|
|
|
this.beforeRemote('replaceOrCreate', ctx => this.checkInsertAcls(ctx));
|
2018-10-22 07:29:58 +00:00
|
|
|
|
|
|
|
|
this.remoteMethod('crud', {
|
|
|
|
|
description: 'Create, update or/and delete instances from model with a single request',
|
|
|
|
|
accessType: 'WRITE',
|
|
|
|
|
accepts: [
|
|
|
|
|
{
|
|
|
|
|
arg: 'actions',
|
|
|
|
|
type: 'Object',
|
|
|
|
|
require: true,
|
|
|
|
|
description: 'Instances to update, example: {create: [instances], update: [instances], delete: [ids]}',
|
|
|
|
|
http: {source: 'body'}
|
|
|
|
|
}
|
|
|
|
|
],
|
|
|
|
|
http: {
|
|
|
|
|
path: `/crud`,
|
|
|
|
|
verb: 'POST'
|
|
|
|
|
}
|
|
|
|
|
});
|
2017-10-13 14:22:45 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
Self.defineScope = function(serverFilter) {
|
|
|
|
|
this.remoteMethodCtx('list', {
|
|
|
|
|
accepts: [
|
|
|
|
|
{
|
|
|
|
|
arg: 'filter',
|
|
|
|
|
type: 'object',
|
|
|
|
|
description: 'Filter defining where'
|
|
|
|
|
}
|
|
|
|
|
],
|
|
|
|
|
returns: {
|
|
|
|
|
type: [this.modelName],
|
|
|
|
|
root: true
|
|
|
|
|
},
|
|
|
|
|
http: {
|
|
|
|
|
verb: 'get',
|
|
|
|
|
path: '/list'
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
this.list = function(ctx, clientFilter, cb) {
|
2017-11-09 07:59:40 +00:00
|
|
|
let clientFields = (clientFilter && clientFilter.fields) ? clientFilter.fields : [];
|
|
|
|
|
let serverFields = (serverFilter && serverFilter.fields) ? serverFilter.fields : [];
|
|
|
|
|
let fields = clientFields.filter(itemC => {
|
2017-10-13 14:22:45 +00:00
|
|
|
return serverFields.some(itemS => itemS === itemC);
|
|
|
|
|
});
|
2017-11-09 07:59:40 +00:00
|
|
|
let and = [];
|
|
|
|
|
let order;
|
|
|
|
|
let limit;
|
|
|
|
|
let filter = {order: order, limit: limit};
|
2017-10-13 14:22:45 +00:00
|
|
|
|
2017-11-09 07:59:40 +00:00
|
|
|
if (clientFilter && clientFilter.where)
|
|
|
|
|
and.push(clientFilter.where);
|
|
|
|
|
if (serverFilter && serverFilter.where)
|
|
|
|
|
and.push(serverFilter.where);
|
2017-10-13 14:22:45 +00:00
|
|
|
|
|
|
|
|
if (clientFilter && clientFilter.order)
|
|
|
|
|
order = clientFilter.order;
|
|
|
|
|
else if (serverFilter && serverFilter.order)
|
|
|
|
|
order = serverFilter.order;
|
|
|
|
|
|
|
|
|
|
if (serverFilter && serverFilter.limit)
|
|
|
|
|
limit = serverFilter.limit;
|
|
|
|
|
else if (clientFilter && clientFilter.limit)
|
|
|
|
|
limit = clientFilter.limit;
|
|
|
|
|
|
|
|
|
|
filter.where = (and.length > 0) && {and: and};
|
|
|
|
|
filter.fields = fields;
|
|
|
|
|
|
|
|
|
|
this.find(filter, function(err, states) {
|
2017-11-09 07:59:40 +00:00
|
|
|
if (err)
|
|
|
|
|
cb(err, null);
|
|
|
|
|
else
|
|
|
|
|
cb(null, states);
|
2017-10-13 14:22:45 +00:00
|
|
|
});
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
Self.remoteMethodCtx = function(methodName, args) {
|
2018-10-30 12:58:02 +00:00
|
|
|
let ctx = {
|
2017-10-13 14:22:45 +00:00
|
|
|
arg: 'context',
|
|
|
|
|
type: 'object',
|
|
|
|
|
http: function(ctx) {
|
|
|
|
|
return ctx;
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
if (args.accepts === undefined)
|
|
|
|
|
args.accepts = [];
|
|
|
|
|
else if (!Array.isArray(args.accepts))
|
|
|
|
|
args.accepts = [args.accepts];
|
|
|
|
|
args.accepts.unshift(ctx);
|
|
|
|
|
this.remoteMethod(methodName, args);
|
|
|
|
|
};
|
|
|
|
|
|
2017-11-08 12:42:33 +00:00
|
|
|
Self.getConnection = function(cb) {
|
|
|
|
|
this.dataSource.connector.client.getConnection(cb);
|
|
|
|
|
};
|
|
|
|
|
|
2017-10-13 14:22:45 +00:00
|
|
|
Self.connectToService = function(ctx, dataSource) {
|
|
|
|
|
this.app.dataSources[dataSource].connector.remotes.auth = {
|
|
|
|
|
bearer: new Buffer(ctx.req.accessToken.id).toString('base64'),
|
|
|
|
|
sendImmediately: true
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
Self.disconnectFromService = function(dataSource) {
|
|
|
|
|
this.app.dataSources[dataSource].connector.remotes.auth = {
|
2018-01-29 18:57:00 +00:00
|
|
|
bearer: new Buffer('').toString('base64'),
|
2017-10-13 14:22:45 +00:00
|
|
|
sendImmediately: true
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
2018-10-22 07:29:58 +00:00
|
|
|
Self.crud = async function(actions) {
|
|
|
|
|
let transaction = await this.beginTransaction({});
|
|
|
|
|
let options = {transaction: transaction};
|
2018-05-31 09:52:39 +00:00
|
|
|
|
2018-10-22 07:29:58 +00:00
|
|
|
try {
|
2018-10-30 12:58:02 +00:00
|
|
|
if (actions.delete && actions.delete.length)
|
2018-10-22 07:29:58 +00:00
|
|
|
await this.destroyAll({id: {inq: actions.delete}}, options);
|
2018-10-30 12:58:02 +00:00
|
|
|
|
2018-10-22 07:29:58 +00:00
|
|
|
if (actions.update) {
|
|
|
|
|
try {
|
|
|
|
|
let promises = [];
|
|
|
|
|
actions.update.forEach(toUpdate => {
|
|
|
|
|
promises.push(this.upsertWithWhere(toUpdate.where, toUpdate.data, options));
|
|
|
|
|
});
|
|
|
|
|
await Promise.all(promises);
|
|
|
|
|
} catch (error) {
|
|
|
|
|
throw error;
|
2018-08-30 06:50:03 +00:00
|
|
|
}
|
2018-10-22 07:29:58 +00:00
|
|
|
}
|
|
|
|
|
if (actions.create && actions.create.length) {
|
|
|
|
|
try {
|
|
|
|
|
await this.create(actions.create, options);
|
|
|
|
|
} catch (error) {
|
|
|
|
|
throw error[error.length - 1];
|
2018-05-31 09:52:39 +00:00
|
|
|
}
|
|
|
|
|
}
|
2018-10-22 07:29:58 +00:00
|
|
|
await transaction.commit();
|
|
|
|
|
} catch (error) {
|
|
|
|
|
await transaction.rollback();
|
|
|
|
|
throw error;
|
|
|
|
|
}
|
2018-05-31 09:52:39 +00:00
|
|
|
};
|
|
|
|
|
|
2018-10-23 09:25:51 +00:00
|
|
|
Self.checkAcls = async function(ctx, actionType) {
|
|
|
|
|
let userId = ctx.req.accessToken.userId;
|
|
|
|
|
let models = this.app.models;
|
|
|
|
|
let userRoles = await models.Account.getRoles(userId);
|
|
|
|
|
let data = ctx.args.data;
|
|
|
|
|
let modelAcls;
|
|
|
|
|
|
|
|
|
|
function modifiedProperties(data) {
|
|
|
|
|
let properties = [];
|
|
|
|
|
|
2018-10-30 12:58:02 +00:00
|
|
|
for (property in data)
|
2018-10-23 09:25:51 +00:00
|
|
|
properties.push(property);
|
|
|
|
|
|
|
|
|
|
return properties;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
modelAcls = await models.FieldAcl.find({
|
|
|
|
|
where: {
|
|
|
|
|
and: [
|
|
|
|
|
{model: this.modelName},
|
|
|
|
|
{role: {inq: userRoles}},
|
|
|
|
|
{property: '*'},
|
|
|
|
|
{or: [{actionType: '*'}, {actionType: actionType}]}
|
|
|
|
|
]
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
let allowedAll = modelAcls.find(acl => {
|
|
|
|
|
return acl.property == '*';
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
if (allowedAll)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
modelAcls = await models.FieldAcl.find({
|
|
|
|
|
where: {
|
|
|
|
|
and: [
|
|
|
|
|
{model: this.modelName},
|
|
|
|
|
{role: {inq: userRoles}},
|
|
|
|
|
{property: {inq: modifiedProperties(data)}},
|
|
|
|
|
{or: [{actionType: '*'}, {actionType: actionType}]}
|
|
|
|
|
]
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
let propsHash = {};
|
|
|
|
|
for (let acl of modelAcls)
|
|
|
|
|
propsHash[acl.property] = true;
|
|
|
|
|
|
|
|
|
|
let allowedProperties = Object.keys(data).every(property => {
|
|
|
|
|
return propsHash[property];
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
if (!allowedProperties)
|
|
|
|
|
throw new UserError(`You don't have enough privileges`);
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
Self.checkUpdateAcls = function(ctx) {
|
|
|
|
|
return this.checkAcls(ctx, 'update');
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
Self.checkInsertAcls = function(ctx) {
|
|
|
|
|
return this.checkAcls(ctx, 'insert');
|
|
|
|
|
};
|
|
|
|
|
|
2018-10-30 12:58:02 +00:00
|
|
|
/*
|
|
|
|
|
* Shortcut to VnMySQL.executeP()
|
|
|
|
|
*/
|
|
|
|
|
Self.rawSql = function(query, params, options, cb) {
|
|
|
|
|
return this.dataSource.connector.executeP(query, params, options, cb);
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Shortcut to VnMySQL.executeStmt()
|
|
|
|
|
*/
|
|
|
|
|
Self.rawStmt = function(stmt, options) {
|
|
|
|
|
return this.dataSource.connector.executeStmt(stmt, options);
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Shortcut to VnMySQL.makeLimit()
|
|
|
|
|
*/
|
|
|
|
|
Self.makeLimit = function(filter) {
|
|
|
|
|
return this.dataSource.connector.makeLimit(filter);
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Shortcut to VnMySQL.makeSuffix()
|
|
|
|
|
*/
|
|
|
|
|
Self.makeSuffix = function(filter) {
|
|
|
|
|
return this.dataSource.connector.makeSuffix(filter);
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Shortcut to VnMySQL.buildModelSuffix()
|
|
|
|
|
*/
|
|
|
|
|
Self.buildSuffix = function(filter, tableAlias) {
|
|
|
|
|
return this.dataSource.connector.buildModelSuffix(this.modelName, filter, tableAlias);
|
|
|
|
|
};
|
2017-10-13 14:22:45 +00:00
|
|
|
};
|
