34 lines
893 B
JavaScript
34 lines
893 B
JavaScript
module.exports = Self => {
|
|
Self.remoteMethodCtx('aclFunc', {
|
|
description: 'Get the user information and permissions',
|
|
accepts: [
|
|
{
|
|
arg: 'property',
|
|
type: 'String',
|
|
description: 'The user name or email',
|
|
required: true
|
|
}
|
|
],
|
|
returns: {
|
|
type: 'Object',
|
|
root: true
|
|
},
|
|
http: {
|
|
path: `/aclFunc`,
|
|
verb: 'GET'
|
|
}
|
|
});
|
|
|
|
Self.aclFunc = async function(ctx, property) {
|
|
const userId = ctx.req.accessToken.userId;
|
|
const models = Self.app.models;
|
|
|
|
const [acl] = await Self.rawSql(
|
|
`SELECT a.principalId
|
|
FROM salix.ACL a
|
|
WHERE a.property = ?`, [property]);
|
|
|
|
return await models.Account.hasRole(userId, acl.principalId);
|
|
};
|
|
};
|