From 2ab756a403df8d875a75a2482841999c138f7eee Mon Sep 17 00:00:00 2001
From: Dani Herrero
Date: Thu, 25 May 2017 07:21:36 +0200
Subject: [PATCH] primera version de ACL
---
 services/salix/client/index.ejs | 1 +
 services/salix/server/boot/routes.js | 53 ++++++++++++++++++++++++++++
 2 files changed, 54 insertions(+)
diff --git a/services/salix/client/index.ejs b/services/salix/client/index.ejs
index 6217c3a45..f5e210f3f 100644
--- a/services/salix/client/index.ejs
+++ b/services/salix/client/index.ejs
@@ -3,6 +3,7 @@ Salix +
diff --git a/services/salix/server/boot/routes.js b/services/salix/server/boot/routes.js
index 7d2bf17e0..1ff4fbe23 100644
--- a/services/salix/server/boot/routes.js
+++ b/services/salix/server/boot/routes.js
@@ -9,6 +9,17 @@ module.exports = function (app) {
 });
 });
+ app.get('/acl', function(req, res){
+ let token = req.cookies.vnToken;
+ validateToken(token, function(isValid) {
+ if (isValid)
+ sendUserRole(res);
+ else
+ sendACL(res, {});
+ });
+
+ });
+
 app.get('/login', function (req, res) {
 let token = req.query.token;
 let continueUrl = req.query.continue;
@@ -33,6 +44,9 @@ module.exports = function (app) {
 function validateToken(tokenId, cb) {
 app.models.AccessToken.findById(tokenId, function(err, token) {
 if (token) {
+ if(token.userId){
+ app.currentUser = {id: token.userId};
+ }
 token.validate (function (err, isValid) {
 cb(isValid === true);
 });
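Review bot: The user identity for `/acl` travels through `app.currentUser`, a property of the shared application object that `validateToken` assigns and `sendUserRole` (added in a later hunk of this file) reads back, so two requests that overlap in time can each be answered with the other user's roles. The assignment also happens before `token.validate` has reported a result and is never cleared, so an expired token still leaves its user id behind for the next reader. Pass the id with the result instead: `cb(isValid === true, token.userId);` in `validateToken`, `validateToken(token, function(isValid, userId) {` in the route, and `sendUserRole(res, userId)` with a matching parameter. `validateToken` starts and ends outside the hunk, so its other callers are not visible here; they would presumably just ignore the extra callback argument.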
@@ -42,6 +56,39 @@ module.exports = function (app) {
 });
 }
+ function sendUserRole(res){
+ if(app.currentUser && app.currentUser.id){
+ let query = {
+ "where": {
+ "principalId": `${app.currentUser.id}`,
+ "principalType": "USER"
+ },
+ "include": {
+ "relation": "role",
+ "scope": {
+ "fields": ["name"]
+ }
+ }
+ };
+ app.models.RoleMapping.find(query, function(err, roles){
+ if(roles){
+ let acl = {};
+ Object.keys(roles).forEach(function(_, i){
+ if(roles[i].roleId){
+ let rol = roles[i].role();
+ acl[rol.name] = true;
+ }
+ });
+ sendACL(res, acl);
+ }
+ else
+ sendACL(res, {});
+ });
+ }
+ else
+ sendACL(res, {});
+ }
+
 function redirectToAuth (res, continueUrl) {
 let authUrl = app.get('url auth');
 let params = {
@@ -51,6 +98,12 @@ module.exports = function (app) {
 res.clearCookie ('vnToken');
 res.redirect(`${authUrl}/?${encodeUri(params)}`);
 }
+
+ function sendACL(res, acl){
+ let aclStr = JSON.stringify(acl);
+ res.header('Content-Type', 'application/javascript; charset=UTF-8');
+ res.send(`(function(window){window.Salix = window.Salix || {}; window.Salix.acl = window.Salix.acl || {}; window.Salix.acl = ${aclStr}; })(window)`);
+ }
 };
 function encodeUri(object) {
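Review bot: In `sendUserRole`, the result of `roles[i].role()` is dereferenced without a check, so a mapping whose related role did not load (presumably a deleted role or a failed include) makes `rol.name` throw inside the `RoleMapping.find` callback and the request gets no response. The `err` argument of that callback is ignored as well. Guard both with `if (err) return sendACL(res, {});` at the top of the callback and `if (rol) acl[rol.name] = true;` in the loop. Iterating with `roles.forEach(function(mapping){ ... })` would also read more directly than `Object.keys(roles).forEach(function(_, i){`.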
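Review bot: `sendACL` returns per-user role data as an executable script on a cookie-authenticated GET, and a script response is not covered by the same-origin policy, so any other site the user visits can include `/acl` and read `window.Salix.acl`. The visible lines set no cache header either, so a browser or intermediary cache may hold on to one user's roles. Prefer returning the object as data, `res.json(acl);`, fetched by the client with a same-origin request; if the script form has to stay, add at least `res.header('Cache-Control', 'no-store');`. Whatever the format, this map can only decide what the UI shows, so the API endpoints still need their own server-side role checks.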