primera version de ACL

2017-05-25 07:21:36 +02:00 · 2017-05-25 07:21:36 +02:00 · 2ab756a403
parent bcd4cedbcd
commit 2ab756a403
2 changed files with 54 additions and 0 deletions
--- a/services/salix/client/index.ejs
+++ b/services/salix/client/index.ejs
@ -3,6 +3,7 @@
 <head>
 	<meta charset="UTF-8">
 	<title>Salix</title>
+	<script src="/salix/acl"></script>
 </head>
 <body ng-app="salix">
 	<vn-app></vn-app>
--- a/services/salix/server/boot/routes.js
+++ b/services/salix/server/boot/routes.js
@ -9,6 +9,17 @@ module.exports = function (app) {
        });
    });

+    app.get('/acl', function(req, res){
+        let token = req.cookies.vnToken;
+        validateToken(token, function(isValid) {
+            if (isValid)
+                sendUserRole(res);
+            else
+                sendACL(res, {});
+        });
+        
+    });
+    
    app.get('/login', function (req, res) {
        let token = req.query.token;
        let continueUrl = req.query.continue;
@ -33,6 +44,9 @@ module.exports = function (app) {
    function validateToken(tokenId, cb) {    
        app.models.AccessToken.findById(tokenId, function(err, token) {
            if (token) {
+                if(token.userId){
+                     app.currentUser = {id: token.userId};
+                }
                token.validate (function (err, isValid) {
                    cb(isValid === true);
                });
@ -42,6 +56,39 @@ module.exports = function (app) {
        });
    }

+    function sendUserRole(res){
+        if(app.currentUser && app.currentUser.id){
+            let query = {
+                    "where": {
+                        "principalId": `${app.currentUser.id}`,
+                        "principalType": "USER"
+                    },
+                    "include": {
+                        "relation": "role",
+                        "scope": {
+                            "fields": ["name"]
+                        }
+                    }
+                };
+            app.models.RoleMapping.find(query, function(err, roles){
+                if(roles){
+                    let acl = {};
+                    Object.keys(roles).forEach(function(_, i){
+                        if(roles[i].roleId){
+                            let rol = roles[i].role();
+                            acl[rol.name] = true;
+                        }
+                    });
+                    sendACL(res, acl);
+                }
+                else
+                    sendACL(res, {});
+            });
+        }
+        else
+            sendACL(res, {});
+    }
+
    function redirectToAuth (res, continueUrl) {
        let authUrl = app.get('url auth');
        let params = {
@ -51,6 +98,12 @@ module.exports = function (app) {
        res.clearCookie ('vnToken');
        res.redirect(`${authUrl}/?${encodeUri(params)}`);
    }
+
+    function sendACL(res, acl){
+        let aclStr = JSON.stringify(acl);
+        res.header('Content-Type', 'application/javascript; charset=UTF-8');
+        res.send(`(function(window){window.Salix = window.Salix || {}; window.Salix.acl = window.Salix.acl || {}; window.Salix.acl = ${aclStr}; })(window)`);
+    }
 };

 function encodeUri(object) {