refs #4074 added $everyone access
gitea/salix/pipeline/head There was a failure building this commit Details

This commit is contained in:
Alexandre Riera 2023-04-04 09:29:15 +02:00
parent cf58a3ceac
commit 713eeddbcc
3 changed files with 21 additions and 33 deletions

View File

@ -1,18 +1,11 @@
module.exports = Self => {
Self.remoteMethod('userAcl', {
Self.remoteMethodCtx('userAcl', {
description: 'Get all of the current user permissions',
accepts: [
{
arg: 'ctx',
type: 'Object',
http: {source: 'context'}
},
{
arg: 'aclList',
type: 'Object',
accepts: {
arg: 'roles',
type: 'any',
required: true,
}
],
},
returns: {
type: 'Object',
root: true
@ -23,13 +16,7 @@ module.exports = Self => {
}
});
Self.userAcl = async function(ctx, aclList) {
const ACLs = [];
for (let key in aclList) {
const acl = await Self.app.models.ACL.findOne({where: {principalId: key}});
if (acl) ACLs.push(acl);
}
return ACLs;
Self.userAcl = async function(roles) {
return Self.app.models.ACL.find({principalId: {inq: {roles}}}, null);
};
};

View File

@ -119,6 +119,13 @@
"principalType": "ROLE",
"principalId": "$authenticated",
"permission": "ALLOW"
},
{
"property": "userAcl",
"accessType": "*",
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "ALLOW"
}
]
}

View File

@ -14,27 +14,21 @@ class AclService {
return this.$http.get('Accounts/acl').then(async res => {
this.user = res.data.user;
this.roles = {};
this.rolesMap = {};
res.data.roles.forEach(role => {
if (role.role) {
this.rolesMap[role.role.name] = true;
for (let role of res.data.roles) {
if (role.role)
this.roles[role.role.name] = true;
}
});
this.acls = {};
await this.$http.post('Accounts/user/acl', {aclList: this.rolesMap}).then(res => {
await this.$http.post('Accounts/user/acl',
{roles: Object.keys(this.roles)}).then(res => {
res.data.forEach(acl => {
this.acls[acl.model] = this.acls[acl.model] || {};
this.acls[acl.model][acl.property] = this.acls[acl.model][acl.property] || {};
this.acls[acl.model][acl.property][acl.accessType] = true;
});
});
for (let role of res.data.roles) {
if (role.role)
this.roles[role.role.name] = true;
}
});
}