refs #4074 added $everyone access

2023-04-04 09:29:15 +02:00 · 2023-04-04 09:29:15 +02:00 · 713eeddbcc
parent cf58a3ceac
commit 713eeddbcc
3 changed files with 21 additions and 33 deletions
--- a/back/methods/account/user-acl.js
+++ b/back/methods/account/user-acl.js
@ -1,18 +1,11 @@
 module.exports = Self => {
-    Self.remoteMethod('userAcl', {
+    Self.remoteMethodCtx('userAcl', {
        description: 'Get all of the current user permissions',
-        accepts: [
-            {
-                arg: 'ctx',
-                type: 'Object',
-                http: {source: 'context'}
-            },
-            {
-                arg: 'aclList',
-                type: 'Object',
-                required: true,
-            }
-        ],
+        accepts: {
+            arg: 'roles',
+            type: 'any',
+            required: true,
+        },
        returns: {
            type: 'Object',
            root: true
@ -23,13 +16,7 @@ module.exports = Self => {
        }
    });

-    Self.userAcl = async function(ctx, aclList) {
-        const ACLs = [];
-
-        for (let key in aclList) {
-            const acl = await Self.app.models.ACL.findOne({where: {principalId: key}});
-            if (acl) ACLs.push(acl);
-        }
-        return ACLs;
+    Self.userAcl = async function(roles) {
+        return Self.app.models.ACL.find({principalId: {inq: {roles}}}, null);
    };
 };
--- a/back/models/account.json
+++ b/back/models/account.json
@ -119,6 +119,13 @@
 			"principalType": "ROLE",
 			"principalId": "$authenticated",
 			"permission": "ALLOW"
+		},
+		{
+			"property": "userAcl",
+			"accessType": "*",
+			"principalType": "ROLE",
+			"principalId": "$everyone",
+			"permission": "ALLOW"
 		}
 	]
 }
--- a/front/core/services/acl-service.js
+++ b/front/core/services/acl-service.js
@ -14,27 +14,21 @@ class AclService {
        return this.$http.get('Accounts/acl').then(async res => {
            this.user = res.data.user;
            this.roles = {};
-            this.rolesMap = {};
-            res.data.roles.forEach(role => {
-                if (role.role) {
-                    this.rolesMap[role.role.name] = true;
+
+            for (let role of res.data.roles) {
+                if (role.role)
                    this.roles[role.role.name] = true;
-                }
-            });
+            }

            this.acls = {};
-            await this.$http.post('Accounts/user/acl', {aclList: this.rolesMap}).then(res => {
+            await this.$http.post('Accounts/user/acl',
+                {roles: Object.keys(this.roles)}).then(res => {
                res.data.forEach(acl => {
                    this.acls[acl.model] = this.acls[acl.model] || {};
                    this.acls[acl.model][acl.property] = this.acls[acl.model][acl.property] || {};
                    this.acls[acl.model][acl.property][acl.accessType] = true;
                });
            });
-
-            for (let role of res.data.roles) {
-                if (role.role)
-                    this.roles[role.role.name] = true;
-            }
        });
    }