const UserError = require('vn-loopback/util/user-error'); module.exports = Self => { Self.remoteMethod('checkColumnPermission', { description: 'Return enum values of column', accessType: 'EXECUTE', accepts: [{ arg: 'schema', type: 'string', description: 'The schema of db', required: true, }, { arg: 'table', type: 'string', description: 'The table of schema', required: true, }, { arg: 'column', type: 'string', description: 'The column of table', required: true, }, { arg: 'privilegeType', type: 'string', description: 'Privilege type (SELECT|UPDATE|INSERT|DELETE)', required: true, }, { arg: 'userId', type: 'number', description: 'The user id', required: true, } ], returns: { type: 'any', root: true }, http: { path: `/check-column-permission`, verb: 'GET' } }); Self.checkColumnPermission = async(schema, table, column, privilegeType, userId) => { const models = Self.app.models; const $t = ((msg, vars) => // Me falta hacer funcionar el $t, ya que probando con ctx no funciona msg.replace(/\{(\w+)\}/g, (_, key) => vars[key] || '') ); const user = await models.VnUser.findById(userId); const role = await models.VnRole.findById(user.roleFk); const permissions = await Self.rawSql(` SELECT TRUE FROM information_schema.COLUMN_PRIVILEGES WHERE TABLE_SCHEMA = ? AND TABLE_NAME = ? AND COLUMN_NAME = ? AND PRIVILEGE_TYPE = ? AND REGEXP_SUBSTR(GRANTEE, '[a-zA-Z]+') = ? `, [schema, table, column, privilegeType, role.name]); if (!permissions.length) throw new UserError($t(`You don't have enough privileges to modify`, {column})); }; };