refs #4074 minor fixes
gitea/salix/pipeline/head This commit looks good Details

This commit is contained in:
Alexandre Riera 2023-06-12 08:49:00 +02:00
parent 0a491c6b62
commit 01daa253db
3 changed files with 37 additions and 24 deletions

View File

@ -35,18 +35,32 @@ module.exports = Self => {
});
Self.acls = async function(ctx) {
const models = Self.app.models;
const acls = [];
const userId = ctx.req.accessToken.userId;
if (userId) {
const dynamicAcls = await Self.rawSql(`
SELECT *
FROM salix.ACL a
WHERE a.principalId IN (
SELECT r.name COLLATE utf8mb3_general_ci
FROM salix.RoleMapping rm
JOIN account.role r ON r.id = rm.roleId
WHERE rm.principalId = ?
)`, [userId]);
const roleMapping = await models.RoleMapping.find({
where: {
principalId: userId
},
include: [
{
relation: 'role',
scope: {
fields: [
'name'
]
}
}
]
});
const dynamicAcls = await models.ACL.find({
where: {
principalId: {
inq: roleMapping.map(rm => rm.role().name)
}
}
});
dynamicAcls.forEach(acl => acls.push(acl));
staticAcls.get('$authenticated').forEach(acl => acls.push(acl));
} else

View File

@ -32,20 +32,12 @@ class AclService {
}
hasAnyACL(model, property, accessType) {
if (this.acls) {
if (this.acls[model]) {
if (this.acls[model]['*']) {
if (this.acls[model]['*']['*'])
return true;
if (this.acls[model]['*'][accessType])
return true;
}
if (this.acls[model][property]) {
if (this.acls[model][property]['*'])
return true;
if (this.acls[model][property][accessType])
return true;
}
const acls = this.acls[model];
if (acls) {
for (const prop of ['*', property]) {
const acl = acls[prop];
if (acl && (acl['*'] || acl[accessType]))
return true;
}
}
return false;

View File

@ -39,6 +39,13 @@
"mysql": {
"table": "salix.RoleMapping"
}
},
"relations": {
"role": {
"type": "belongsTo",
"model": "Role",
"foreignKey": "roleId"
}
}
},
"Schema": {
@ -50,4 +57,4 @@
"Container": {
"dataSource": "vn"
}
}
}