verdnatura/salix
verdnatura
/
salix
3
5
Fork 0
Code Issues Pull Requests 62 Releases Wiki Activity

refs #4074 get static and dynamic acls
gitea/salix/pipeline/head There was a failure building this commit Details

This commit is contained in:
Alexandre Riera 2023-04-21 14:26:31 +02:00
parent fd21a03c01
commit db3de2385d
6 changed files with 62 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
back/methods/vn-user/acls.js Normal file
View File

@ -0,0 +1,58 @@
module.exports = Self => {
Self.remoteMethodCtx('acls', {
description: 'Get all of the current user acls',
returns: {
type: 'Object',
root: true
},
http: {
path: '/acls',
verb: 'GET'
}
});
const staticAcls = new Map();
const app = require('vn-loopback/server/server');
app.on('started', function() {
for (const model of app.models()) {
for (const acl of model.settings.acls) {
if (acl.principalType == 'ROLE' && acl.permission == 'ALLOW') {
const staticAcl = {
model: model.name,
property: '*',
accessType: acl.accessType,
permission: acl.permission,
principalType: acl.principalType,
principalId: acl.principalId,
};
if (staticAcls.has(acl.principalId))
staticAcls.get(acl.principalId).push(staticAcl);
else
staticAcls.set(acl.principalId, [staticAcl]);
}
}
}
});
Self.acls = async function(ctx) {
const acls = [];
const userId = ctx.req.accessToken.userId;
if (userId) {
const dynamicAcls = await Self.rawSql(`
SELECT *
FROM salix.ACL a
WHERE a.principalId IN (
SELECT r.name COLLATE utf8mb3_general_ci
FROM salix.RoleMapping rm
JOIN account.role r ON r.id = rm.roleId
WHERE rm.principalId = ?
)`, [userId]);
dynamicAcls.forEach(acl => acls.push(acl));
staticAcls.get('$authenticated').forEach(acl => acls.push(acl));
} else
staticAcls.get('$unauthenticated').forEach(acl => acls.push(acl));
staticAcls.get('$everyone').forEach(acl => acls.push(acl));
return acls;
};
};

22
back/methods/vn-user/user-acl.js
View File

@ -1,22 +0,0 @@
module.exports = Self => {
Self.remoteMethod('userAcl', {
description: 'Get all of the current user permissions',
accepts: {
arg: 'roles',
type: ['string'],
required: true,
},
returns: {
type: 'Object',
root: true
},
http: {
path: '/user/acl',
verb: 'POST'
}
});
Self.userAcl = async function(roles) {
return Self.rawSql(`SELECT * FROM salix.ACL a WHERE a.principalId IN (?)`, [roles]);
};
};

2
back/models/vn-user.js
View File

@ -10,7 +10,7 @@ module.exports = function(Self) {
require('../methods/vn-user/recover-password')(Self); require('../methods/vn-user/recover-password')(Self);
require('../methods/vn-user/validate-token')(Self); require('../methods/vn-user/validate-token')(Self);
require('../methods/vn-user/privileges')(Self); require('../methods/vn-user/privileges')(Self);
require('../methods/vn-user/user-acl')(Self); require('../methods/vn-user/acls')(Self);
// Validations // Validations

2
front/core/directives/specs/acl.spec.js
View File

@ -15,7 +15,7 @@ describe('Directive acl', () => {
{role: {name: 'myOtherRole'}} {role: {name: 'myOtherRole'}}
] ]
}); });
$httpBackend.whenPOST('VnUsers/user/acl').respond([ $httpBackend.whenGET('VnUsers/acls').respond([
{ {
id: 1, id: 1,
model: 'ModelExample', model: 'ModelExample',

2
front/core/lib/specs/acl-service.spec.js
View File

@ -11,7 +11,7 @@ describe('Service acl', () => {
{role: {name: 'baz'}} {role: {name: 'baz'}}
] ]
}); });
$httpBackend.whenPOST('VnUsers/user/acl').respond([ $httpBackend.whenGET('VnUsers/acls').respond([
{ {
id: 1, id: 1,
model: 'ModelExample', model: 'ModelExample',

3
front/core/services/acl-service.js
View File

@ -21,8 +21,7 @@ class AclService {
} }
this.acls = {}; this.acls = {};
await this.$http.post('VnUsers/user/acl', await this.$http.get('VnUsers/acls').then(res => {
{roles: Object.keys(this.roles)}).then(res => {
res.data.forEach(acl => { res.data.forEach(acl => {
this.acls[acl.model] = this.acls[acl.model] || {}; this.acls[acl.model] = this.acls[acl.model] || {};
this.acls[acl.model][acl.property] = this.acls[acl.model][acl.property] || {}; this.acls[acl.model][acl.property] = this.acls[acl.model][acl.property] || {};