diff --git a/back/methods/account/user-acl.js b/back/methods/account/user-acl.js
index 49e417260..f0cb5770a 100644
--- a/back/methods/account/user-acl.js
+++ b/back/methods/account/user-acl.js
@@ -6,6 +6,11 @@ module.exports = Self => {
 arg: 'ctx',
 type: 'Object',
 http: {source: 'context'}
+ },
+ {
+ arg: 'aclList',
+ type: 'Object',
+ required: true,
 }
 ],
 returns: {
@@ -14,16 +19,24 @@ module.exports = Self => {
 },
 http: {
 path: '/user/acl',
- verb: 'GET'
+ verb: 'POST'
 }
 });
- Self.userAcl = async function(ctx) {
- let userId = ctx.req.accessToken.userId;
+ Self.userAcl = async function(ctx, aclList) {
 let models = Self.app.models;
- let user = await models.User.findById(userId, {
- fields: ['id', 'name', 'nickname']
- });
+ let ACLs = [];
+
+ for (let key in aclList) {
+ let acl = await models.acls.findOne({
+ where: {
+ principalId: key,
+ }
+ });
+ if (acl)
+ ACLs.push(acl);
+ }
+ return ACLs;
 };
 };
diff --git a/back/model-config.json b/back/model-config.json
index 29676e979..d3b7db2f5 100644
--- a/back/model-config.json
+++ b/back/model-config.json
@@ -2,6 +2,9 @@
 "Account": {
 "dataSource": "vn"
 },
+ "acls": {
+ "dataSource": "vn"
+ },
 "AccountingType": {
 "dataSource": "vn"
 },
diff --git a/back/models/account.js b/back/models/account.js
index c2502380a..b9585a92c 100644
--- a/back/models/account.js
+++ b/back/models/account.js
@@ -12,6 +12,7 @@ module.exports = Self => {
 require('../methods/account/recover-password')(Self);
 require('../methods/account/validate-token')(Self);
 require('../methods/account/privileges')(Self);
+ require('../methods/account/user-acl')(Self);
 // Validations
diff --git a/back/models/acl.json b/back/models/acl.json
new file mode 100644
index 000000000..eaeaf2677
--- /dev/null
+++ b/back/models/acl.json
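Review bot: In `back/methods/account/user-acl.js` (second hunk), `Self.userAcl` stops reading `ctx.req.accessToken.userId` and instead returns ACL rows for whatever keys the caller sends in `aclList`, so the answer reflects roles the client claims rather than roles the server resolved for the session, and any caller permitted to invoke the method can read the rules of any principal. Resolving the role names on the server from the access token, and dropping the `aclList` argument added in the first hunk, would close that gap. `findOne` also returns at most one row per principal, so a role with several ACL entries is silently truncated; a single query such as `models.acls.find({where: {principalType: 'ROLE', principalId: {inq: roleNames}}})`, with `roleNames` being the server-derived list, returns them all and avoids one query per key. `ctx` is left unused by the new body.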
@@ -0,0 +1,39 @@
+{
+ "name": "acls",
+ "base": "VnModel",
+ "options": {
+ "mysql": {
+ "table": "salix.ACL"
+ }
+ },
+ "properties": {
+ "id": {
+ "type": "number",
+ "id": true
+ },
+ "model": {
+ "type": "string",
+ "required": true
+ },
+ "property": {
+ "type": "string",
+ "required": true
+ },
+ "accessType": {
+ "type": "string",
+ "required": true
+ },
+ "permission": {
+ "type": "string",
+ "required": true
+ },
+ "principalType": {
+ "type": "string",
+ "required": true
+ },
+ "principalId": {
+ "type": "string",
+ "required": true
+ }
+ }
+}
\ No newline at end of file
diff --git a/front/core/directives/acl.js b/front/core/directives/acl.js
index 9b7328524..cc3c07f05 100644
--- a/front/core/directives/acl.js
+++ b/front/core/directives/acl.js
@@ -13,6 +13,12 @@ function vnAcl(aclService) {
 let action = $attrs.vnAclAction || 'disable';
+ if ($attrs.vnAclModel) {
+ console.log($attrs.vnAclModel, $attrs.vnAclProperty, $attrs.vnAclAccessType);
+ let hasAcl = aclService.hasAnyACL($attrs.vnAclModel, $attrs.vnAclProperty, $attrs.vnAclAccessType);
+ if (hasAcl) return;
+ }
+ if (aclService.hasAny(acls)) return;
 if (action === 'disable') {
diff --git a/front/core/services/acl-service.js b/front/core/services/acl-service.js
index 6c3c6b1a7..a6f091e9c 100644
--- a/front/core/services/acl-service.js
+++ b/front/core/services/acl-service.js
@@ -11,7 +11,7 @@ class AclService {
 }
 load() {
- return this.$http.get('Accounts/acl').then(res => {
+ return this.$http.get('Accounts/acl').then(async res => {
 this.user = res.data.user;
 this.roles = {};
 this.rolesMap = {};
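Review bot: The new `acls` model in `back/models/acl.json` maps the `salix.ACL` table and is registered in `back/model-config.json` with only a `dataSource`, which in LoopBack normally leaves a model public, so it may get its own REST endpoints in addition to the `user/acl` method. If nothing inherited from `VnModel` or the project's ACL rules restricts it (not visible in this diff), the authorization table would be readable, and possibly writable, over the API. Since only server code calls `models.acls`, consider adding `"public": false` to the `acls` entry in model-config.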
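Review bot: The added `console.log(...)` in `front/core/directives/acl.js` is debug output that runs for every element where `$attrs.vnAclModel` is set and should be removed before merge. The new branch also returns on a model ACL match without `aclService.hasAny(acls)` being consulted, so a match overrides the role list given on the same element; a comment such as `// a model/property/accessType match is sufficient; the role list is only a fallback` would make that precedence explicit. When `vnAclProperty` or `vnAclAccessType` is omitted the lookup runs with `undefined`, which can never match, so it may be worth documenting that all three attributes are required together. The directive function starts and ends outside the hunk.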
@@ -20,6 +20,15 @@ class AclService {
 this.rolesMap[role.role.name] = true;
 });
+ this.acls = {};
+ await this.$http.post('Accounts/user/acl', {aclList: this.rolesMap}).then(res => {
+ res.data.forEach(acl => {
+ this.acls[acl.model] = this.acls[acl.model] || {};
+ this.acls[acl.model][acl.property] = this.acls[acl.model][acl.property] || {};
+ this.acls[acl.model][acl.property][acl.accessType] = true;
+ });
+ });
+ for (let role of res.data.roles) {
 if (role.role)
 this.roles[role.role.name] = true;
@@ -27,8 +36,20 @@ class AclService {
 });
 }
- returnRoles() {
- return this.rolesMap;
+ returnAcls() {
+ return this.acls;
+ }
+
+ hasAnyACL(model, property, accessType) {
+ if (this.acls) {
+ if (this.acls[model]) {
+ if (this.acls[model][property]) {
+ if (this.acls[model][property][accessType])
+ return true;
+ }
+ }
+ }
+ return false;
 }
 hasAny(roles) {
diff --git a/front/core/services/user-acl-service.js b/front/core/services/user-acl-service.js
deleted file mode 100644
index 1e29ea28d..000000000
--- a/front/core/services/user-acl-service.js
+++ /dev/null
@@ -1,29 +0,0 @@
-import ngModule from '../module';
-
-class UserAclService {
- constructor($http) {
- this.$http = $http;
- }
-
- reset() {
- this.user = null;
- this.roles = null;
- }
-
- load() {
- // return this.$http.get
- }
-
- hasAny(roles) {
- if (this.roles) {
- for (let role of roles) {
- if (this.roles[role])
- return true;
- }
- }
- return false;
- }
-}
-UserAclService.$inject = ['$http'];
-
-ngModule.service('userAclService', UserAclService);
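Review bot: The `forEach` added to `load()` in `front/core/services/acl-service.js` sets `this.acls[acl.model][acl.property][acl.accessType] = true` for every returned row without looking at `acl.permission`, although the new `acls` model declares that field; a row that denies access would therefore be shown as allowed. Skipping such rows first, e.g. `if (acl.permission !== 'ALLOW') return;` (assuming the usual LoopBack value), keeps the UI in line with what the server enforces. The inner callback's `res` also shadows the outer `res` that is read again right after it, and `await ... .then(...)` is harder to follow than `const aclRes = await this.$http.post(...)`. `load()` starts in the previous hunk and continues past this one.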
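Review bot: `hasAnyACL` in the third `acl-service.js` hunk does exact key lookups only, so rows that store a wildcard (LoopBack ACLs commonly use `*` for `property` or `accessType`) will never match a concrete property or access type; if `salix.ACL` holds such rows, the lookup should also test the `*` keys. The hunk also replaces `returnRoles()` with `returnAcls()`, which returns a different structure, so any caller of `returnRoles()` outside this diff would break. A short doc comment on `hasAnyACL` stating the shape of `this.acls` (model, then property, then accessType mapped to `true`) would help readers of the directive that calls it.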