module.exports = Self => { Self.remoteMethodCtx('acls', { description: 'Get all of the current user acls', returns: { type: 'Object', root: true }, http: { path: '/acls', verb: 'GET' } }); const staticAcls = new Map(); const app = require('vn-loopback/server/server'); app.on('started', function() { for (const model of app.models()) { for (const acl of model.settings.acls) { if (acl.principalType == 'ROLE' && acl.permission == 'ALLOW') { const staticAcl = { model: model.name, property: '*', accessType: acl.accessType, permission: acl.permission, principalType: acl.principalType, principalId: acl.principalId, }; if (staticAcls.has(acl.principalId)) staticAcls.get(acl.principalId).push(staticAcl); else staticAcls.set(acl.principalId, [staticAcl]); } } } }); Self.acls = async function(ctx) { const models = Self.app.models; const acls = []; const userId = ctx.req.accessToken.userId; if (userId) { const roleMapping = await models.RoleMapping.find({ where: { principalId: userId }, include: [ { relation: 'role', scope: { fields: [ 'name' ] } } ] }); const dynamicAcls = await models.ACL.find({ where: { principalId: { inq: roleMapping.map(rm => rm.role().name) } } }); dynamicAcls.forEach(acl => acls.push(acl)); staticAcls.get('$authenticated').forEach(acl => acls.push(acl)); } else staticAcls.get('$unauthenticated').forEach(acl => acls.push(acl)); staticAcls.get('$everyone').forEach(acl => acls.push(acl)); return acls; }; };