refs #4074 added $everyone access
gitea/salix/pipeline/head There was a failure building this commit
Details
gitea/salix/pipeline/head There was a failure building this commit
Details
This commit is contained in:
parent
cf58a3ceac
commit
713eeddbcc
|
|
@ -1,18 +1,11 @@
|
||||||
module.exports = Self => {
|
module.exports = Self => {
|
||||||
Self.remoteMethod('userAcl', {
|
Self.remoteMethodCtx('userAcl', {
|
||||||
description: 'Get all of the current user permissions',
|
description: 'Get all of the current user permissions',
|
||||||
accepts: [
|
accepts: {
|
||||||
{
|
arg: 'roles',
|
||||||
arg: 'ctx',
|
type: 'any',
|
||||||
type: 'Object',
|
required: true,
|
||||||
http: {source: 'context'}
|
},
|
||||||
},
|
|
||||||
{
|
|
||||||
arg: 'aclList',
|
|
||||||
type: 'Object',
|
|
||||||
required: true,
|
|
||||||
}
|
|
||||||
],
|
|
||||||
returns: {
|
returns: {
|
||||||
type: 'Object',
|
type: 'Object',
|
||||||
root: true
|
root: true
|
||||||
|
|
@ -23,13 +16,7 @@ module.exports = Self => {
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
Self.userAcl = async function(ctx, aclList) {
|
Self.userAcl = async function(roles) {
|
||||||
const ACLs = [];
|
return Self.app.models.ACL.find({principalId: {inq: {roles}}}, null);
|
||||||
|
|
||||||
for (let key in aclList) {
|
|
||||||
const acl = await Self.app.models.ACL.findOne({where: {principalId: key}});
|
|
||||||
if (acl) ACLs.push(acl);
|
|
||||||
}
|
|
||||||
return ACLs;
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -119,6 +119,13 @@
|
||||||
"principalType": "ROLE",
|
"principalType": "ROLE",
|
||||||
"principalId": "$authenticated",
|
"principalId": "$authenticated",
|
||||||
"permission": "ALLOW"
|
"permission": "ALLOW"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"property": "userAcl",
|
||||||
|
"accessType": "*",
|
||||||
|
"principalType": "ROLE",
|
||||||
|
"principalId": "$everyone",
|
||||||
|
"permission": "ALLOW"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -14,27 +14,21 @@ class AclService {
|
||||||
return this.$http.get('Accounts/acl').then(async res => {
|
return this.$http.get('Accounts/acl').then(async res => {
|
||||||
this.user = res.data.user;
|
this.user = res.data.user;
|
||||||
this.roles = {};
|
this.roles = {};
|
||||||
this.rolesMap = {};
|
|
||||||
res.data.roles.forEach(role => {
|
for (let role of res.data.roles) {
|
||||||
if (role.role) {
|
if (role.role)
|
||||||
this.rolesMap[role.role.name] = true;
|
|
||||||
this.roles[role.role.name] = true;
|
this.roles[role.role.name] = true;
|
||||||
}
|
}
|
||||||
});
|
|
||||||
|
|
||||||
this.acls = {};
|
this.acls = {};
|
||||||
await this.$http.post('Accounts/user/acl', {aclList: this.rolesMap}).then(res => {
|
await this.$http.post('Accounts/user/acl',
|
||||||
|
{roles: Object.keys(this.roles)}).then(res => {
|
||||||
res.data.forEach(acl => {
|
res.data.forEach(acl => {
|
||||||
this.acls[acl.model] = this.acls[acl.model] || {};
|
this.acls[acl.model] = this.acls[acl.model] || {};
|
||||||
this.acls[acl.model][acl.property] = this.acls[acl.model][acl.property] || {};
|
this.acls[acl.model][acl.property] = this.acls[acl.model][acl.property] || {};
|
||||||
this.acls[acl.model][acl.property][acl.accessType] = true;
|
this.acls[acl.model][acl.property][acl.accessType] = true;
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
for (let role of res.data.roles) {
|
|
||||||
if (role.role)
|
|
||||||
this.roles[role.role.name] = true;
|
|
||||||
}
|
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue