salix/loopback/common/methods/application/execute.js

const UserError = require('vn-loopback/util/user-error');

module.exports = Self => {
    Self.execute = async(ctx, query, params, options) => {
        const userId = ctx.req.accessToken.userId;
        const models = Self.app.models;
        params = params ?? [];

        const myOptions = {userId: ctx.req.accessToken.userId};
        if (typeof options == 'object')
            Object.assign(myOptions, options);

        let [caller, chain] = query.split(' ');
        if (!chain.includes('.')) chain = 'vn.' + chain;

        const [canExecute] = await models.ProcsPriv.rawSql(
            'SELECT account.user_hasRoutinePriv(?,?,?)',
            [caller == 'CALL' ? 'PROCEDURE' : 'FUNCTION', chain, userId],
            myOptions);

        if (!Object.values(canExecute)[0]) throw new UserError(`You don't have enough privileges`, 'ACCESS_DENIED');

        let argString = params.map(() => '?').join(',');
        query = `${query}(${argString})`;

        const [response] = await models.ProcsPriv.rawSql(query, params, myOptions);
        return response;
    };
};