feat: refs #6598 acls back

2024-05-03 12:17:51 +02:00 · 2024-05-03 12:17:51 +02:00 · 411933a608
parent cdb0bf28c2
commit 411933a608
3 changed files with 80 additions and 0 deletions
--- a/back/methods/vn-user/acls.js
+++ b/back/methods/vn-user/acls.js
@ -0,0 +1,72 @@
+module.exports = Self => {
+    Self.remoteMethodCtx('acls', {
+        description: 'Get all of the current user acls',
+        returns: {
+            type: 'Object',
+            root: true
+        },
+        http: {
+            path: '/acls',
+            verb: 'GET'
+        }
+    });
+
+    const staticAcls = new Map();
+    const app = require('vn-loopback/server/server');
+    app.on('started', function() {
+        for (const model of app.models()) {
+            for (const acl of model.settings.acls) {
+                if (acl.principalType == 'ROLE' && acl.permission == 'ALLOW') {
+                    const staticAcl = {
+                        model: model.name,
+                        property: '*',
+                        accessType: acl.accessType,
+                        permission: acl.permission,
+                        principalType: acl.principalType,
+                        principalId: acl.principalId,
+                    };
+                    if (staticAcls.has(acl.principalId))
+                        staticAcls.get(acl.principalId).push(staticAcl);
+                    else
+                        staticAcls.set(acl.principalId, [staticAcl]);
+                }
+            }
+        }
+    });
+
+    Self.acls = async function(ctx) {
+        const models = Self.app.models;
+        const acls = [];
+        const userId = ctx.req.accessToken.userId;
+        if (userId) {
+            const roleMapping = await models.RoleMapping.find({
+                where: {
+                    principalId: userId
+                },
+                include: [
+                    {
+                        relation: 'role',
+                        scope: {
+                            fields: [
+                                'name'
+                            ]
+                        }
+                    }
+                ]
+            });
+            const dynamicAcls = await models.ACL.find({
+                where: {
+                    principalId: {
+                        inq: roleMapping.map(rm => rm.role().name)
+                    }
+                }
+            });
+            dynamicAcls.forEach(acl => acls.push(acl));
+            staticAcls.get('$authenticated').forEach(acl => acls.push(acl));
+        } else
+            staticAcls.get('$unauthenticated').forEach(acl => acls.push(acl));
+
+        staticAcls.get('$everyone').forEach(acl => acls.push(acl));
+        return acls;
+    };
+};
--- a/back/models/vn-user.js
+++ b/back/models/vn-user.js
@ -15,6 +15,7 @@ module.exports = function(Self) {
    require('../methods/vn-user/renew-token')(Self);
    require('../methods/vn-user/share-token')(Self);
    require('../methods/vn-user/update-user')(Self);
+    require('../methods/vn-user/acls')(Self);

    Self.definition.settings.acls = Self.definition.settings.acls.filter(acl => acl.property !== 'create');

--- a/back/models/vn-user.json
+++ b/back/models/vn-user.json
@ -133,6 +133,13 @@
            "principalType": "ROLE",
            "principalId": "$authenticated",
            "permission": "ALLOW"
+        },
+        {
+			"property": "acls",
+			"accessType": "*",
+			"principalType": "ROLE",
+			"principalId": "$everyone",
+			"permission": "ALLOW"
        }
    ],
    "scopes": {