module.exports = Self => { Self.remoteMethodCtx('acls', { description: 'Get all of the current user acls', returns: { type: 'Object', root: true }, http: { path: '/acls', verb: 'GET' } }); const staticAcls = new Map(); const app = require('vn-loopback/server/server'); app.on('started', function() { for (const model of app.models()) { for (const acl of model.settings.acls) { if (acl.principalType == 'ROLE' && acl.permission == 'ALLOW') { const staticAcl = { model: model.name, property: '*', accessType: acl.accessType, permission: acl.permission, principalType: acl.principalType, principalId: acl.principalId, }; if (staticAcls.has(acl.principalId)) staticAcls.get(acl.principalId).push(staticAcl); else staticAcls.set(acl.principalId, [staticAcl]); } } } }); Self.acls = async function(ctx) { const acls = []; const userId = ctx.req.accessToken.userId; if (userId) { const dynamicAcls = await Self.rawSql(` SELECT * FROM salix.ACL a WHERE a.principalId IN ( SELECT r.name COLLATE utf8mb3_general_ci FROM salix.RoleMapping rm JOIN account.role r ON r.id = rm.roleId WHERE rm.principalId = ? )`, [userId]); dynamicAcls.forEach(acl => acls.push(acl)); staticAcls.get('$authenticated').forEach(acl => acls.push(acl)); } else staticAcls.get('$unauthenticated').forEach(acl => acls.push(acl)); staticAcls.get('$everyone').forEach(acl => acls.push(acl)); return acls; }; };