refs #4074 added $everyone access
gitea/salix/pipeline/head There was a failure building this commit Details

This commit is contained in:
Alexandre Riera 2023-04-04 09:29:15 +02:00
parent cf58a3ceac
commit 713eeddbcc
3 changed files with 21 additions and 33 deletions

View File

@ -1,18 +1,11 @@
module.exports = Self => { module.exports = Self => {
Self.remoteMethod('userAcl', { Self.remoteMethodCtx('userAcl', {
description: 'Get all of the current user permissions', description: 'Get all of the current user permissions',
accepts: [ accepts: {
{ arg: 'roles',
arg: 'ctx', type: 'any',
type: 'Object',
http: {source: 'context'}
},
{
arg: 'aclList',
type: 'Object',
required: true, required: true,
} },
],
returns: { returns: {
type: 'Object', type: 'Object',
root: true root: true
@ -23,13 +16,7 @@ module.exports = Self => {
} }
}); });
Self.userAcl = async function(ctx, aclList) { Self.userAcl = async function(roles) {
const ACLs = []; return Self.app.models.ACL.find({principalId: {inq: {roles}}}, null);
for (let key in aclList) {
const acl = await Self.app.models.ACL.findOne({where: {principalId: key}});
if (acl) ACLs.push(acl);
}
return ACLs;
}; };
}; };

View File

@ -119,6 +119,13 @@
"principalType": "ROLE", "principalType": "ROLE",
"principalId": "$authenticated", "principalId": "$authenticated",
"permission": "ALLOW" "permission": "ALLOW"
},
{
"property": "userAcl",
"accessType": "*",
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "ALLOW"
} }
] ]
} }

View File

@ -14,27 +14,21 @@ class AclService {
return this.$http.get('Accounts/acl').then(async res => { return this.$http.get('Accounts/acl').then(async res => {
this.user = res.data.user; this.user = res.data.user;
this.roles = {}; this.roles = {};
this.rolesMap = {};
res.data.roles.forEach(role => { for (let role of res.data.roles) {
if (role.role) { if (role.role)
this.rolesMap[role.role.name] = true;
this.roles[role.role.name] = true; this.roles[role.role.name] = true;
} }
});
this.acls = {}; this.acls = {};
await this.$http.post('Accounts/user/acl', {aclList: this.rolesMap}).then(res => { await this.$http.post('Accounts/user/acl',
{roles: Object.keys(this.roles)}).then(res => {
res.data.forEach(acl => { res.data.forEach(acl => {
this.acls[acl.model] = this.acls[acl.model] || {}; this.acls[acl.model] = this.acls[acl.model] || {};
this.acls[acl.model][acl.property] = this.acls[acl.model][acl.property] || {}; this.acls[acl.model][acl.property] = this.acls[acl.model][acl.property] || {};
this.acls[acl.model][acl.property][acl.accessType] = true; this.acls[acl.model][acl.property][acl.accessType] = true;
}); });
}); });
for (let role of res.data.roles) {
if (role.role)
this.roles[role.role.name] = true;
}
}); });
} }