module.exports = Self => { /** * Checks if current user has * read privileges over a collection * * @param {object} ctx - Request context * @param {interger} name - Collection name * @param {object} options - Query options * @return {boolean} True for user with read privileges */ Self.hasReadRole = async(ctx, name, options) => { const collection = await Self.findOne({ include: { relation: 'readRole' }, where: {name} }, options); return await hasRole(ctx, collection, options); }; /** * Checks if current user has * write privileges over a collection * * @param {object} ctx - Request context * @param {string} name - Collection name * @param {object} options - Query options * @return {boolean} True for user with write privileges */ Self.hasWriteRole = async(ctx, name, options) => { const collection = await Self.findOne({ include: { relation: 'writeRole' }, where: {name} }, options); return await hasRole(ctx, collection, options); }; /** * Checks if current user has * read or write privileges * @param {Object} ctx - Context * @param {Object} collection - Collection [read/write] * @param {Object} options - Query options */ async function hasRole(ctx, collection, options) { const models = Self.app.models; const myUserId = ctx.req.accessToken.userId; const readRole = collection.readRole() && collection.readRole().name; const writeRole = collection.writeRole() && collection.writeRole().name; const requiredRole = readRole || writeRole; const hasRequiredRole = await models.VnUser.hasRole(myUserId, requiredRole, options); const isRoot = await models.VnUser.hasRole(myUserId, 'root', options); if (isRoot || hasRequiredRole) return true; return false; } };