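module.exports = Self => {
    Self.remoteMethodCtx('acls', {
        description: 'Get all of the current user acls',
        returns: {
            type: 'Object',
            root: true
        },
        http: {
            path: '/acls',
            verb: 'GET'
        }
    });

    // Static ACLs taken from the model definitions, keyed by principalId
    // (a role name or one of the built-in '$everyone', '$authenticated',
    // '$unauthenticated' principals). Filled when the app emits 'started'.
    const staticAcls = new Map();

    const app = require('vn-loopback/server/server');

    /**
     * Records one model-level ACL under its principalId.
     * Only ROLE/ALLOW entries are kept: DENY entries and non-role
     * principals are never reported through this endpoint.
     *
     * @param {Object} model - Loopback model the ACL belongs to
     * @param {Object} acl - ACL entry from `model.settings.acls`
     */
    function addStaticAcl(model, acl) {
        // Strict comparison: the original used `==`, which also matched
        // coerced values; nothing here should rely on coercion.
        if (acl.principalType !== 'ROLE' || acl.permission !== 'ALLOW') return;

        const staticAcl = {
            model: model.name,
            property: '*',
            accessType: acl.accessType,
            permission: acl.permission,
            principalType: acl.principalType,
            principalId: acl.principalId,
        };

        const bucket = staticAcls.get(acl.principalId);
        if (bucket)
            bucket.push(staticAcl);
        else
            staticAcls.set(acl.principalId, [staticAcl]);
    }

    /**
     * Static ACLs declared for a principal.
     *
     * @param {String} principalId - Role name or built-in principal
     * @return {Array<Object>} The declared ACLs, or an empty list when none
     *  exist (or 'started' has not fired yet) so callers never hit
     *  `undefined.forEach`
     */
    function staticAclsFor(principalId) {
        return staticAcls.get(principalId) || [];
    }

    app.on('started', function() {
        for (const model of app.models()) {
            // A model that declares no `acls` setting must not abort the
            // whole collection with a `for...of undefined` TypeError.
            const modelAcls = model.settings.acls || [];
            for (const acl of modelAcls)
                addStaticAcl(model, acl);
        }
    });

    /**
     * Returns the ACLs that apply to the caller: the role ACLs stored in
     * the database for the caller's roles plus the static ACLs for
     * '$authenticated' (or '$unauthenticated' for anonymous callers) and
     * '$everyone'.
     *
     * @param {Object} ctx - Loopback request context
     * @return {Array<Object>} ACL rows/entries for the caller
     */
    Self.acls = async function(ctx) {
        // Anonymous requests may carry no accessToken at all; read it
        // defensively so they reach the '$unauthenticated' branch instead
        // of throwing on `undefined.userId`.
        const accessToken = ctx.req.accessToken;
        const userId = accessToken && accessToken.userId;
        const acls = [];

        if (userId) {
            // Parameterized query; userId comes from the verified access
            // token, never from request-supplied input.
            const dynamicAcls = await Self.rawSql(`
                SELECT *
                FROM salix.ACL a
                WHERE a.principalId IN (
                    SELECT r.name COLLATE utf8mb3_general_ci
                    FROM salix.RoleMapping rm
                        JOIN account.role r ON r.id = rm.roleId
                    WHERE rm.principalId = ?
                )`, [userId]);

            acls.push(...dynamicAcls);
            acls.push(...staticAclsFor('$authenticated'));
        } else
            acls.push(...staticAclsFor('$unauthenticated'));

        acls.push(...staticAclsFor('$everyone'));
        return acls;
    };
};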