refs #4074 minor fixes

2023-06-12 08:49:00 +02:00 · 2023-06-12 08:49:00 +02:00 · 01daa253db
parent 0a491c6b62
commit 01daa253db
3 changed files with 37 additions and 24 deletions
--- a/back/methods/vn-user/acls.js
+++ b/back/methods/vn-user/acls.js
@ -35,18 +35,32 @@ module.exports = Self => {
    });

    Self.acls = async function(ctx) {
+        const models = Self.app.models;
        const acls = [];
        const userId = ctx.req.accessToken.userId;
        if (userId) {
-            const dynamicAcls = await Self.rawSql(`
-            SELECT *
-            FROM salix.ACL a
-            WHERE a.principalId IN (
-                SELECT r.name COLLATE utf8mb3_general_ci
-                    FROM salix.RoleMapping rm
-                    JOIN account.role r ON r.id = rm.roleId
-                    WHERE rm.principalId = ?
-            )`, [userId]);
+            const roleMapping = await models.RoleMapping.find({
+                where: {
+                    principalId: userId
+                },
+                include: [
+                    {
+                        relation: 'role',
+                        scope: {
+                            fields: [
+                                'name'
+                            ]
+                        }
+                    }
+                ]
+            });
+            const dynamicAcls = await models.ACL.find({
+                where: {
+                    principalId: {
+                        inq: roleMapping.map(rm => rm.role().name)
+                    }
+                }
+            });
            dynamicAcls.forEach(acl => acls.push(acl));
            staticAcls.get('$authenticated').forEach(acl => acls.push(acl));
        } else
--- a/front/core/services/acl-service.js
+++ b/front/core/services/acl-service.js
@ -32,20 +32,12 @@ class AclService {
    }

    hasAnyACL(model, property, accessType) {
-        if (this.acls) {
-            if (this.acls[model]) {
-                if (this.acls[model]['*']) {
-                    if (this.acls[model]['*']['*'])
-                        return true;
-                    if (this.acls[model]['*'][accessType])
-                        return true;
-                }
-                if (this.acls[model][property]) {
-                    if (this.acls[model][property]['*'])
-                        return true;
-                    if (this.acls[model][property][accessType])
-                        return true;
-                }
+        const acls = this.acls[model];
+        if (acls) {
+            for (const prop of ['*', property]) {
+                const acl = acls[prop];
+                if (acl && (acl['*'] || acl[accessType]))
+                    return true;
            }
        }
        return false;
--- a/loopback/server/model-config.json
+++ b/loopback/server/model-config.json
@ -39,6 +39,13 @@
            "mysql": {
                "table": "salix.RoleMapping"
            }
+        },
+        "relations": {
+            "role": {
+                "type": "belongsTo",
+                "model": "Role",
+                "foreignKey": "roleId"
+            }
        }
    },
    "Schema": {