fixes #4074 Descargar ACL del usuario actual #1255

Open
pau wants to merge 40 commits from 4074-download-user-ACL into dev
10 changed files with 188 additions and 27 deletions

View File

@ -0,0 +1,72 @@
module.exports = Self => {
Self.remoteMethodCtx('acls', {
description: 'Get all of the current user acls',
returns: {
type: 'Object',
root: true
},
http: {
path: '/acls',
verb: 'GET'
}
});
const staticAcls = new Map();
const app = require('vn-loopback/server/server');
app.on('started', function() {
Review

No se si esta linea deberia ir porque schemaInfo tiene el mismo formato y no tiene el evento started

No se si esta linea deberia ir porque schemaInfo tiene el mismo formato y no tiene el evento started
for (const model of app.models()) {
for (const acl of model.settings.acls) {
if (acl.principalType == 'ROLE' && acl.permission == 'ALLOW') {
const staticAcl = {
model: model.name,
property: '*',
accessType: acl.accessType,
permission: acl.permission,
principalType: acl.principalType,
principalId: acl.principalId,
};
if (staticAcls.has(acl.principalId))
staticAcls.get(acl.principalId).push(staticAcl);
else
staticAcls.set(acl.principalId, [staticAcl]);
}
}
}
});
Self.acls = async function(ctx) {
const models = Self.app.models;
const acls = [];
const userId = ctx.req.accessToken.userId;
if (userId) {
const roleMapping = await models.RoleMapping.find({
where: {
principalId: userId
},
include: [
{
relation: 'role',
scope: {
fields: [
'name'
]
}
}
]
});
const dynamicAcls = await models.ACL.find({
where: {
principalId: {
inq: roleMapping.map(rm => rm.role().name)
}
}
});
dynamicAcls.forEach(acl => acls.push(acl));
staticAcls.get('$authenticated').forEach(acl => acls.push(acl));
} else
staticAcls.get('$unauthenticated').forEach(acl => acls.push(acl));
staticAcls.get('$everyone').forEach(acl => acls.push(acl));
return acls;
};
};

View File

@ -15,6 +15,7 @@ module.exports = function(Self) {
require('../methods/vn-user/renew-token')(Self);
require('../methods/vn-user/share-token')(Self);
require('../methods/vn-user/update-user')(Self);
require('../methods/vn-user/acls')(Self);
Self.definition.settings.acls = Self.definition.settings.acls.filter(acl => acl.property !== 'create');

View File

@ -133,6 +133,13 @@
"principalType": "ROLE",
"principalId": "$authenticated",
"permission": "ALLOW"
},
{
"property": "acls",
"accessType": "*",
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "ALLOW"
}
],
"scopes": {

View File

@ -0,0 +1,43 @@
import FormInput from '../components/form-input';
export default function getAcls(acls, aclService, $element, $attrs, user) {
const attrsVnAcl = user ? $attrs.vnUserAcl : $attrs.vnAcl;
acls = attrsVnAcl.split(',').map(i => i.trim());
if (acls[0] == '') return;
if (user) {
const splitAcl = acls[0].split('.');
const splitSlash = splitAcl[1].split('/');
const model = splitAcl[0];
const property = splitSlash[0];
let accessType = splitSlash[1];
if (accessType === 'w') accessType = 'WRITE';
else if (accessType === 'r') accessType = 'READ';
if (aclService.hasAnyACL(model, property, accessType)) return;
} else if (aclService.hasAny(acls)) return;
disableElement($attrs, $element);
}
function disableElement($attrs, $element) {
const action = $attrs.vnAclAction || 'disable';
if (action === 'disable') {
let element = $element[0];
let elementToDisable = element.$ctrl;
if (!(elementToDisable instanceof FormInput)) {
const selector = 'input, textarea, button, submit';
if (!element.matches(selector))
element = element.querySelector(selector);
elementToDisable = element;
}
if (elementToDisable)
elementToDisable.disabled = true;
} else
$element.remove();
}

View File

@ -1,6 +1,5 @@
import ngModule from '../module';
import FormInput from '../components/form-input';
import getAcls from './acl-common';
function vnAcl(aclService) {
let acls = [];
@ -8,30 +7,7 @@ function vnAcl(aclService) {
restrict: 'A',
priority: -1,
link: function(_, $element, $attrs) {
acls = $attrs.vnAcl.split(',').map(i => i.trim());
if (acls[0] == '') return;
let action = $attrs.vnAclAction || 'disable';
if (aclService.hasAny(acls)) return;
if (action === 'disable') {
let element = $element[0];
let elementToDisable = element.$ctrl;
if (!(elementToDisable instanceof FormInput)) {
let selector = 'input, textarea, button, submit';
if (!element.matches(selector))
element = element.querySelector(selector);
elementToDisable = element;
}
if (elementToDisable)
elementToDisable.disabled = true;
} else
$element.remove();
getAcls(acls, aclService, $element, $attrs, false);
}
};
}

View File

@ -5,6 +5,8 @@ import './popover';
import './click-stop';
import './rule';
import './acl';
import './acl-common';
import './user-acl';
import './on-error-src';
import './zoom-image';
import './visible-by';

View File

@ -15,6 +15,17 @@ describe('Directive acl', () => {
{role: {name: 'myOtherRole'}}
]
});
$httpBackend.whenGET('VnUsers/acls').respond([
{
id: 1,
model: 'ModelExample',
property: '*',
accessType: '*',
permission: 'ALLOW',
principalType: 'ROLE',
principalId: 'employee'
}
]);
aclService.load();
$httpBackend.flush();
}));

View File

@ -0,0 +1,17 @@
import ngModule from '../module';
import getAcls from './acl-common';
function vnUserAcl(aclService) {
let acls = [];
return {
restrict: 'A',
priority: -1,
link: function(_, $element, $attrs) {
getAcls(acls, aclService, $element, $attrs, true);
}
};
}
vnUserAcl.$inject = ['aclService'];
ngModule.directive('vnUserAcl', vnUserAcl);

View File

@ -11,6 +11,17 @@ describe('Service acl', () => {
{role: {name: 'baz'}}
]
});
$httpBackend.whenGET('VnUsers/acls').respond([
{
id: 1,
model: 'ModelExample',
property: '*',
accessType: '*',
permission: 'ALLOW',
principalType: 'ROLE',
principalId: 'employee'
}
]);
aclService = _aclService_;
aclService.load();
$httpBackend.flush();

View File

@ -11,7 +11,7 @@ class AclService {
}
load() {
return this.$http.get('VnUsers/acl').then(res => {
return this.$http.get('VnUsers/acl').then(async res => {
this.user = res.data.user;
this.roles = {};
@ -19,7 +19,28 @@ class AclService {
if (role.role)
this.roles[role.role.name] = true;
}
this.acls = {};
await this.$http.get('VnUsers/acls').then(res => {
res.data.forEach(acl => {
this.acls[acl.model] = this.acls[acl.model] || {};
this.acls[acl.model][acl.property] = this.acls[acl.model][acl.property] || {};
this.acls[acl.model][acl.property][acl.accessType] = true;
});
});
});
}
hasAnyACL(model, property, accessType) {
const acls = this.acls[model];
if (acls) {
for (const prop of ['*', property]) {
const acl = acls[prop];
if (acl && (acl['*'] || acl[accessType]))
return true;
}
}
return false;
}
hasAny(roles) {