const UserError = require('vn-loopback/util/user-error');
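/**
 * Registers the `checkColumnPermission` remote method on the model and
 * attaches its implementation.
 *
 * The method is exposed as GET /check-column-permission with access type
 * EXECUTE and takes five required arguments.
 *
 * @param {Object} Self - Model being extended; the code relies on its
 *   `remoteMethod`, `rawSql` and `app.models` members.
 */
module.exports = Self => {
    Self.remoteMethod('checkColumnPermission', {
        description: 'Check if the user has permission for a specific column',
        accessType: 'EXECUTE',
        accepts: [{
            arg: 'schema',
            type: 'string',
            description: 'The schema of db',
            required: true,
        }, {
            arg: 'table',
            type: 'string',
            description: 'The table of schema',
            required: true,
        }, {
            arg: 'column',
            type: 'string',
            description: 'The column of table',
            required: true,
        }, {
            arg: 'privilegeType',
            type: 'string',
            description: 'Privilege type (SELECT|UPDATE|INSERT|DELETE)',
            required: true,
        }, {
            // NOTE(review): the user id is a request argument, not a value
            // derived from the caller's session here; confirm the route's ACL
            // limits who may query the privileges of other users.
            arg: 'userId',
            type: 'number',
            description: 'The user id',
            required: true,
        }],
        returns: {
            type: 'any',
            root: true
        },
        http: {
            path: `/check-column-permission`,
            verb: 'GET'
        }
    });

    /**
     * Checks that the role of a user holds a column-level grant.
     *
     * Loads the user and its role, then looks in
     * information_schema.COLUMN_PRIVILEGES for a row that matches the schema,
     * table, column and privilege type and whose grantee matches the role name.
     * Every value reaches the query as a bound parameter.
     *
     * @param {string} schema - Schema that holds the table.
     * @param {string} table - Table that holds the column.
     * @param {string} column - Column to check.
     * @param {string} privilegeType - Privilege type (SELECT|UPDATE|INSERT|DELETE).
     * @param {number} userId - Id of the user whose role is checked.
     * @returns {Promise<undefined>} Resolves with no value when a matching
     *   grant exists, and also when no user has the given id.
     * @throws {UserError} When the role cannot be loaded or holds no matching grant.
     */
    Self.checkColumnPermission = async(schema, table, column, privilegeType, userId) => {
        const deniedMessage = `You do not have sufficient privileges to modify a specific column`;
        const models = Self.app.models;

        const user = await models.VnUser.findById(userId);
        // NOTE(review): an unknown user id returns without throwing, which a
        // caller cannot tell apart from a passed check; confirm callers do not
        // treat this as a grant.
        if (!user) return;

        const role = await models.VnRole.findById(user.roleFk);
        // A role that cannot be loaded means no grant can match: deny
        // explicitly instead of failing on `role.name`.
        if (!role)
            throw new UserError(deniedMessage);

        // NOTE(review): REGEXP_SUBSTR keeps only the first run of ASCII letters
        // of GRANTEE, so a grantee whose name starts with the role's letters
        // followed by a digit or underscore compares equal to the role, and a
        // role name containing such characters never matches; confirm role
        // names are letters only.
        const permissions = await Self.rawSql(`
            SELECT TRUE
                FROM information_schema.COLUMN_PRIVILEGES
                WHERE TABLE_SCHEMA = ?
                    AND TABLE_NAME = ?
                    AND COLUMN_NAME = ?
                    AND PRIVILEGE_TYPE = ?
                    AND REGEXP_SUBSTR(GRANTEE, '[a-zA-Z]+') = ?
        `, [schema, table, column, privilegeType, role.name]);

        if (!permissions.length)
            throw new UserError(deniedMessage);
    };
};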