7631_testToMaster_2426 #2634
|
@ -0,0 +1,72 @@
|
|||
module.exports = Self => {
|
||||
Self.remoteMethodCtx('acls', {
|
||||
description: 'Get all of the current user acls',
|
||||
returns: {
|
||||
type: 'Object',
|
||||
root: true
|
||||
},
|
||||
http: {
|
||||
path: '/acls',
|
||||
verb: 'GET'
|
||||
}
|
||||
});
|
||||
|
||||
const staticAcls = new Map();
|
||||
const app = require('vn-loopback/server/server');
|
||||
app.on('started', function() {
|
||||
for (const model of app.models()) {
|
||||
for (const acl of model.settings.acls) {
|
||||
if (acl.principalType == 'ROLE' && acl.permission == 'ALLOW') {
|
||||
const staticAcl = {
|
||||
model: model.name,
|
||||
property: '*',
|
||||
accessType: acl.accessType,
|
||||
permission: acl.permission,
|
||||
principalType: acl.principalType,
|
||||
principalId: acl.principalId,
|
||||
};
|
||||
if (staticAcls.has(acl.principalId))
|
||||
staticAcls.get(acl.principalId).push(staticAcl);
|
||||
else
|
||||
staticAcls.set(acl.principalId, [staticAcl]);
|
||||
}
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
Self.acls = async function(ctx) {
|
||||
const models = Self.app.models;
|
||||
const acls = [];
|
||||
const userId = ctx.req.accessToken.userId;
|
||||
if (userId) {
|
||||
const roleMapping = await models.RoleMapping.find({
|
||||
where: {
|
||||
principalId: userId
|
||||
},
|
||||
include: [
|
||||
{
|
||||
relation: 'role',
|
||||
scope: {
|
||||
fields: [
|
||||
'name'
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
});
|
||||
const dynamicAcls = await models.ACL.find({
|
||||
where: {
|
||||
principalId: {
|
||||
inq: roleMapping.map(rm => rm.role().name)
|
||||
}
|
||||
}
|
||||
});
|
||||
dynamicAcls.forEach(acl => acls.push(acl));
|
||||
staticAcls.get('$authenticated').forEach(acl => acls.push(acl));
|
||||
} else
|
||||
staticAcls.get('$unauthenticated').forEach(acl => acls.push(acl));
|
||||
|
||||
staticAcls.get('$everyone').forEach(acl => acls.push(acl));
|
||||
return acls;
|
||||
};
|
||||
};
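Review bot: `ctx.req.accessToken.userId` in `Self.acls` dereferences the token unconditionally, yet the model JSON hunk of this same change grants `acls` to `$everyone`, so the method is reachable without a token. In LoopBack `req.accessToken` is normally unset for anonymous requests, in which case this line throws before the `else` branch for `$unauthenticated` can run and the caller gets a server error instead of the public ACL list; reading it defensively, `const userId = ctx.req.accessToken && ctx.req.accessToken.userId;`, keeps that branch reachable. The three `staticAcls.get(...).forEach(...)` calls have a similar problem: `Map.get` returns `undefined` when no model declares a static ALLOW for that principal, so `(staticAcls.get('$everyone') || []).forEach(acl => acls.push(acl));` or a small helper would be safer. The `started` handler likewise iterates `model.settings.acls` without checking that the model defines any.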
|
|
@ -15,6 +15,7 @@ module.exports = function(Self) {
|
|||
require('../methods/vn-user/renew-token')(Self);
|
||||
require('../methods/vn-user/share-token')(Self);
|
||||
require('../methods/vn-user/update-user')(Self);
|
||||
require('../methods/vn-user/acls')(Self);
|
||||
|
||||
Self.definition.settings.acls = Self.definition.settings.acls.filter(acl => acl.property !== 'create');
|
||||
|
||||
|
|
|
@ -133,6 +133,13 @@
|
|||
"principalType": "ROLE",
|
||||
"principalId": "$authenticated",
|
||||
"permission": "ALLOW"
|
||||
},
|
||||
{
|
||||
"property": "acls",
|
||||
"accessType": "*",
|
||||
"principalType": "ROLE",
|
||||
"principalId": "$everyone",
|
||||
"permission": "ALLOW"
|
||||
}
|
||||
],
|
||||
"scopes": {
|
||||
|
|