7631_testToMaster_2426 #2634

Merged
alexm merged 147 commits from 7631_testToMaster_2426 into master 2024-06-25 06:36:59 +00:00
5 changed files with 108 additions and 0 deletions
Showing only changes of commit 6aca0765c0 - Show all commits

View File

@ -0,0 +1,72 @@
module.exports = Self => {
Self.remoteMethodCtx('acls', {
description: 'Get all of the current user acls',
returns: {
type: 'Object',
root: true
},
http: {
path: '/acls',
verb: 'GET'
}
});
const staticAcls = new Map();
const app = require('vn-loopback/server/server');
app.on('started', function() {
for (const model of app.models()) {
for (const acl of model.settings.acls) {
if (acl.principalType == 'ROLE' && acl.permission == 'ALLOW') {
const staticAcl = {
model: model.name,
property: '*',
accessType: acl.accessType,
permission: acl.permission,
principalType: acl.principalType,
principalId: acl.principalId,
};
if (staticAcls.has(acl.principalId))
staticAcls.get(acl.principalId).push(staticAcl);
else
staticAcls.set(acl.principalId, [staticAcl]);
}
}
}
});
Self.acls = async function(ctx) {
const models = Self.app.models;
const acls = [];
const userId = ctx.req.accessToken.userId;
if (userId) {
const roleMapping = await models.RoleMapping.find({
where: {
principalId: userId
},
include: [
{
relation: 'role',
scope: {
fields: [
'name'
]
}
}
]
});
const dynamicAcls = await models.ACL.find({
where: {
principalId: {
inq: roleMapping.map(rm => rm.role().name)
}
}
});
dynamicAcls.forEach(acl => acls.push(acl));
staticAcls.get('$authenticated').forEach(acl => acls.push(acl));
} else
staticAcls.get('$unauthenticated').forEach(acl => acls.push(acl));
staticAcls.get('$everyone').forEach(acl => acls.push(acl));
return acls;
};
};

View File

@ -0,0 +1,27 @@
const {models} = require('vn-loopback/server/server');
const id = {administrative: 5, employee: 1, productionBoss: 50};
describe('VnUser acls()', () => {
it('should get its owns acls', async() => {
expect(await hasAcl('administrative', id.administrative)).toBeTruthy();
expect(await hasAcl('productionBoss', id.productionBoss)).toBeTruthy();
});
it('should not get administrative acls', async() => {
expect(await hasAcl('administrative', id.employee)).toBeFalsy();
});
it('should get the $authenticated acls', async() => {
expect(await hasAcl('$authenticated', id.employee)).toBeTruthy();
});
it('should get the $everyone acls', async() => {
expect(await hasAcl('$everyone', id.employee)).toBeTruthy();
});
});
const hasAcl = async(role, userId) => {
const ctx = {req: {accessToken: {userId}, headers: {origin: 'http://localhost'}}};
const acls = await models.VnUser.acls(ctx);
return Object.values(acls).some(acl => acl.principalId === role);
};

View File

@ -16,6 +16,7 @@ module.exports = function(Self) {
require('../methods/vn-user/share-token')(Self); require('../methods/vn-user/share-token')(Self);
require('../methods/vn-user/update-user')(Self); require('../methods/vn-user/update-user')(Self);
require('../methods/vn-user/validate-token')(Self); require('../methods/vn-user/validate-token')(Self);
require('../methods/vn-user/acls')(Self);
Self.definition.settings.acls = Self.definition.settings.acls.filter(acl => acl.property !== 'create'); Self.definition.settings.acls = Self.definition.settings.acls.filter(acl => acl.property !== 'create');

View File

@ -140,6 +140,13 @@
"principalType": "ROLE", "principalType": "ROLE",
"principalId": "$authenticated", "principalId": "$authenticated",
"permission": "ALLOW" "permission": "ALLOW"
},
{
"property": "acls",
"accessType": "*",
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "ALLOW"
} }
], ],
"scopes": { "scopes": {

View File

@ -17,6 +17,7 @@ async function init() {
err => err ? reject(err) : resolve()); err => err ? reject(err) : resolve());
}); });
// FIXME: Workaround to wait for loopback to be ready // FIXME: Workaround to wait for loopback to be ready
app.emit('started');
await app.models.Application.status(); await app.models.Application.status();
} }