From db3de2385d546e0293b96b842f9bf766601bacd4 Mon Sep 17 00:00:00 2001
From: alexandre
Date: Fri, 21 Apr 2023 14:26:31 +0200
Subject: [PATCH] refs #4074 get static and dynamic acls
---
 back/methods/vn-user/acls.js | 58 ++++++++++++++++++++++++
 back/methods/vn-user/user-acl.js | 22 --------
 back/models/vn-user.js | 2 +-
 front/core/directives/specs/acl.spec.js | 2 +-
 front/core/lib/specs/acl-service.spec.js | 2 +-
 front/core/services/acl-service.js | 3 +-
 6 files changed, 62 insertions(+), 27 deletions(-)
 create mode 100644 back/methods/vn-user/acls.js
 delete mode 100644 back/methods/vn-user/user-acl.js
diff --git a/back/methods/vn-user/acls.js b/back/methods/vn-user/acls.js
new file mode 100644
index 000000000..4db60cb23
--- /dev/null
+++ b/back/methods/vn-user/acls.js
@@ -0,0 +1,58 @@
+module.exports = Self => {
+ Self.remoteMethodCtx('acls', {
+ description: 'Get all of the current user acls',
+ returns: {
+ type: 'Object',
+ root: true
+ },
+ http: {
+ path: '/acls',
+ verb: 'GET'
+ }
+ });
+
+ const staticAcls = new Map();
+ const app = require('vn-loopback/server/server');
+ app.on('started', function() {
+ for (const model of app.models()) {
+ for (const acl of model.settings.acls) {
+ if (acl.principalType == 'ROLE' && acl.permission == 'ALLOW') {
+ const staticAcl = {
+ model: model.name,
+ property: '*',
+ accessType: acl.accessType,
+ permission: acl.permission,
+ principalType: acl.principalType,
+ principalId: acl.principalId,
+ };
+ if (staticAcls.has(acl.principalId))
+ staticAcls.get(acl.principalId).push(staticAcl);
+ else
+ staticAcls.set(acl.principalId, [staticAcl]);
+ }
+ }
+ }
+ });
+
+ Self.acls = async function(ctx) {
+ const acls = [];
+ const userId = ctx.req.accessToken.userId;
+ if (userId) {
+ const dynamicAcls = await Self.rawSql(`
+ SELECT *
+ FROM salix.ACL a
+ WHERE a.principalId IN (
+ SELECT r.name COLLATE utf8mb3_general_ci
+ FROM salix.RoleMapping rm
+ JOIN account.role r ON r.id = rm.roleId
+ WHERE rm.principalId = ?
+ )`, [userId]);
+ dynamicAcls.forEach(acl => acls.push(acl));
+ staticAcls.get('$authenticated').forEach(acl => acls.push(acl));
+ } else
+ staticAcls.get('$unauthenticated').forEach(acl => acls.push(acl));
+
+ staticAcls.get('$everyone').forEach(acl => acls.push(acl));
+ return acls;
+ };
+};
diff --git a/back/methods/vn-user/user-acl.js b/back/methods/vn-user/user-acl.js
deleted file mode 100644
index 08cd4dd40..000000000
--- a/back/methods/vn-user/user-acl.js
+++ /dev/null
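Review bot: `ctx.req.accessToken.userId` in `Self.acls` dereferences the token unconditionally, so a request carrying no access token (the very case the `$unauthenticated` branch exists for) throws a TypeError before that branch is reached, assuming the token middleware leaves `accessToken` unset or null as LoopBack's does. The three `staticAcls.get(...).forEach(...)` calls have the same shape: `Map.get` returns undefined for a principal no model declares, and `.forEach` on undefined throws, so a deployment where no model grants `$unauthenticated` or `$everyone` fails every call. The `started` handler likewise iterates `model.settings.acls` without a default; if any model definition omits `acls` that loop throws at startup, which `for (const acl of model.settings.acls ?? [])` avoids. Note too that static ACLs are collected under every principalId but only the three built-in principals are ever returned; if role-named static ACLs are meant to be included, the role names from the dynamic query would need to be looked up in `staticAcls` as well. The rewrite below guards the token access and defaults the lookups.
```javascript
    Self.acls = async function(ctx) {
        const acls = [];
        // An anonymous request has no token; it must fall through to $unauthenticated, not throw
        const userId = ctx.req.accessToken?.userId;
        // A principal no model declares has no Map entry; treat it as an empty list
        const staticFor = principalId => staticAcls.get(principalId) ?? [];
        if (userId) {
            const dynamicAcls = await Self.rawSql(/* … unchanged: role-based SELECT on salix.ACL … */, [userId]);
            acls.push(...dynamicAcls, ...staticFor('$authenticated'));
        } else
            acls.push(...staticFor('$unauthenticated'));

        acls.push(...staticFor('$everyone'));
        return acls;
    };
```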
@@ -1,22 +0,0 @@
-module.exports = Self => {
- Self.remoteMethod('userAcl', {
- description: 'Get all of the current user permissions',
- accepts: {
- arg: 'roles',
- type: ['string'],
- required: true,
- },
- returns: {
- type: 'Object',
- root: true
- },
- http: {
- path: '/user/acl',
- verb: 'POST'
- }
- });
-
- Self.userAcl = async function(roles) {
- return Self.rawSql(`SELECT * FROM salix.ACL a WHERE a.principalId IN (?)`, [roles]);
- };
-};
diff --git a/back/models/vn-user.js b/back/models/vn-user.js
index ad12c9376..03bb0c9f4 100644
--- a/back/models/vn-user.js
+++ b/back/models/vn-user.js
@@ -10,7 +10,7 @@ module.exports = function(Self) {
 require('../methods/vn-user/recover-password')(Self);
 require('../methods/vn-user/validate-token')(Self);
 require('../methods/vn-user/privileges')(Self);
- require('../methods/vn-user/user-acl')(Self);
+ require('../methods/vn-user/acls')(Self);
 // Validations
diff --git a/front/core/directives/specs/acl.spec.js b/front/core/directives/specs/acl.spec.js
index 34a81c5a0..dca561a41 100644
--- a/front/core/directives/specs/acl.spec.js
+++ b/front/core/directives/specs/acl.spec.js
@@ -15,7 +15,7 @@ describe('Directive acl', () => {
 {role: {name: 'myOtherRole'}}
 ]
 });
- $httpBackend.whenPOST('VnUsers/user/acl').respond([
+ $httpBackend.whenGET('VnUsers/acls').respond([
 {
 id: 1,
 model: 'ModelExample',
diff --git a/front/core/lib/specs/acl-service.spec.js b/front/core/lib/specs/acl-service.spec.js
index b82da2a51..7374efdd3 100644
--- a/front/core/lib/specs/acl-service.spec.js
+++ b/front/core/lib/specs/acl-service.spec.js
@@ -11,7 +11,7 @@ describe('Service acl', () => {
 {role: {name: 'baz'}}
 ]
 });
- $httpBackend.whenPOST('VnUsers/user/acl').respond([
+ $httpBackend.whenGET('VnUsers/acls').respond([
 {
 id: 1,
 model: 'ModelExample',
diff --git a/front/core/services/acl-service.js b/front/core/services/acl-service.js
index f216d0857..508b7bc94 100644
--- a/front/core/services/acl-service.js
+++ b/front/core/services/acl-service.js
@@ -21,8 +21,7 @@ class AclService {
 }
 this.acls = {};
- await this.$http.post('VnUsers/user/acl',
- {roles: Object.keys(this.roles)}).then(res => {
+ await this.$http.get('VnUsers/acls').then(res => {
 res.data.forEach(acl => {
 this.acls[acl.model] = this.acls[acl.model] || {};
 this.acls[acl.model][acl.property] = this.acls[acl.model][acl.property] || {};