refs #4074 @4h acl model and methods in directive

2023-01-23 11:29:58 +01:00 · 2023-01-23 11:29:58 +01:00 · 838df9e85a
parent db7fc594c8
commit 838df9e85a
7 changed files with 92 additions and 38 deletions
--- a/back/methods/account/user-acl.js
+++ b/back/methods/account/user-acl.js
@ -6,6 +6,11 @@ module.exports = Self => {
                arg: 'ctx',
                type: 'Object',
                http: {source: 'context'}
+            },
+            {
+                arg: 'aclList',
+                type: 'Object',
+                required: true,
            }
        ],
        returns: {
@ -14,16 +19,24 @@ module.exports = Self => {
        },
        http: {
            path: '/user/acl',
-            verb: 'GET'
+            verb: 'POST'
        }
    });

-    Self.userAcl = async function(ctx) {
-        let userId = ctx.req.accessToken.userId;
+    Self.userAcl = async function(ctx, aclList) {
        let models = Self.app.models;

-        let user = await models.User.findById(userId, {
-            fields: ['id', 'name', 'nickname']
-        });
+        let ACLs = [];
+
+        for (let key in aclList) {
+            let acl = await models.acls.findOne({
+                where: {
+                    principalId: key,
+                }
+            });
+            if (acl)
+                ACLs.push(acl);
+        }
+        return ACLs;
    };
 };
--- a/back/model-config.json
+++ b/back/model-config.json
@ -2,6 +2,9 @@
    "Account": {
        "dataSource": "vn"
    },
+    "acls": {
+        "dataSource": "vn"
+    },
    "AccountingType": {
        "dataSource": "vn"
    },
--- a/back/models/account.js
+++ b/back/models/account.js
@ -12,6 +12,7 @@ module.exports = Self => {
    require('../methods/account/recover-password')(Self);
    require('../methods/account/validate-token')(Self);
    require('../methods/account/privileges')(Self);
+    require('../methods/account/user-acl')(Self);

    // Validations

--- a/back/models/acl.json
+++ b/back/models/acl.json
@ -0,0 +1,39 @@
+{
+    "name": "acls",
+    "base": "VnModel",
+    "options": {
+        "mysql": {
+            "table": "salix.ACL"
+        }
+    },
+    "properties": {
+        "id": {
+            "type": "number",
+            "id": true
+        },
+        "model": {
+            "type": "string",
+            "required": true
+        },
+        "property": {
+            "type": "string",
+            "required": true
+        },
+        "accessType": {
+            "type": "string",
+            "required": true
+        },
+        "permission": {
+            "type": "string",
+            "required": true
+        },
+        "principalType": {
+            "type": "string",
+            "required": true
+        },
+        "principalId": {
+            "type": "string",
+            "required": true
+        }
+    }
+}
--- a/front/core/directives/acl.js
+++ b/front/core/directives/acl.js
@ -13,6 +13,12 @@ function vnAcl(aclService) {

            let action = $attrs.vnAclAction || 'disable';

+            if ($attrs.vnAclModel) {
+                console.log($attrs.vnAclModel, $attrs.vnAclProperty, $attrs.vnAclAccessType);
+                let hasAcl = aclService.hasAnyACL($attrs.vnAclModel, $attrs.vnAclProperty, $attrs.vnAclAccessType);
+                if (hasAcl) return;
+            }
+
            if (aclService.hasAny(acls)) return;

            if (action === 'disable') {
--- a/front/core/services/acl-service.js
+++ b/front/core/services/acl-service.js
@ -11,7 +11,7 @@ class AclService {
    }

    load() {
-        return this.$http.get('Accounts/acl').then(res => {
+        return this.$http.get('Accounts/acl').then(async res => {
            this.user = res.data.user;
            this.roles = {};
            this.rolesMap = {};
@ -20,6 +20,15 @@ class AclService {
                    this.rolesMap[role.role.name] = true;
            });

+            this.acls = {};
+            await this.$http.post('Accounts/user/acl', {aclList: this.rolesMap}).then(res => {
+                res.data.forEach(acl => {
+                    this.acls[acl.model] = this.acls[acl.model] || {};
+                    this.acls[acl.model][acl.property] = this.acls[acl.model][acl.property] || {};
+                    this.acls[acl.model][acl.property][acl.accessType] = true;
+                });
+            });
+
            for (let role of res.data.roles) {
                if (role.role)
                    this.roles[role.role.name] = true;
@ -27,8 +36,20 @@ class AclService {
        });
    }

-    returnRoles() {
-        return this.rolesMap;
+    returnAcls() {
+        return this.acls;
+    }
+
+    hasAnyACL(model, property, accessType) {
+        if (this.acls) {
+            if (this.acls[model]) {
+                if (this.acls[model][property]) {
+                    if (this.acls[model][property][accessType])
+                        return true;
+                }
+            }
+        }
+        return false;
    }

    hasAny(roles) {
--- a/front/core/services/user-acl-service.js
+++ b/front/core/services/user-acl-service.js
@ -1,29 +0,0 @@
-import ngModule from '../module';
-
-class UserAclService {
-    constructor($http) {
-        this.$http = $http;
-    }
-
-    reset() {
-        this.user = null;
-        this.roles = null;
-    }
-
-    load() {
-        // return this.$http.get
-    }
-
-    hasAny(roles) {
-        if (this.roles) {
-            for (let role of roles) {
-                if (this.roles[role])
-                    return true;
-            }
-        }
-        return false;
-    }
-}
-UserAclService.$inject = ['$http'];
-
-ngModule.service('userAclService', UserAclService);