This commit is contained in:
parent
0a7a9e2cc8
commit
18d93d93a6
|
@ -0,0 +1,4 @@
|
|||
-- Place your SQL code here
|
||||
INSERT INTO salix.ACL (model, property, accessType, permission, principalType, principalId)
|
||||
VALUES ('Worker', '__get__descriptor', 'READ', 'ALLOW', 'ROLE', 'employee'),
|
||||
('Worker', 'findById', 'READ', 'ALLOW', 'ROLE', '$subordinate');
|
|
@ -0,0 +1,12 @@
|
|||
const UserError = require('vn-loopback/util/user-error');
|
||||
|
||||
module.exports = async function(app) {
|
||||
const models = app.models;
|
||||
|
||||
models.VnRole.registerResolver('$subordinate', async(role, ctx) => {
|
||||
Object.assign(ctx, {req: {accessToken: {userId: ctx.accessToken.userId}}});
|
||||
|
||||
const isSubordinate = await models.Worker.isSubordinate(ctx, +ctx.modelId);
|
||||
if (!isSubordinate) throw new UserError(`You don't have enough privileges`);
|
||||
});
|
||||
};
|
|
@ -140,5 +140,41 @@
|
|||
"principalType": "ROLE",
|
||||
"principalId": "$owner"
|
||||
}
|
||||
],
|
||||
"scopes": {
|
||||
"descriptor": {
|
||||
"include": [
|
||||
{
|
||||
"relation": "user",
|
||||
"scope": {
|
||||
"fields": [
|
||||
"name",
|
||||
"nickname"
|
||||
],
|
||||
"include": {
|
||||
"relation": "emailUser",
|
||||
"scope": {
|
||||
"fields": [
|
||||
"email"
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"relation": "department",
|
||||
"scope": {
|
||||
"include": [
|
||||
{
|
||||
"relation": "department"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"relation": "sip"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue