salix/services/loopback/common/models/vn-model.js

360 lines
11 KiB
JavaScript

const ParameterizedSQL = require('loopback-connector').ParameterizedSQL;
const UserError = require('../helpers').UserError;
module.exports = function(Self) {
Self.ParameterizedSQL = ParameterizedSQL;
Self.setup = function() {
Self.super_.setup.call(this);
// Register field ACL validation
this.beforeRemote('prototype.patchAttributes', ctx => this.checkUpdateAcls(ctx));
this.beforeRemote('updateAll', ctx => this.checkUpdateAcls(ctx));
this.beforeRemote('patchOrCreate', ctx => this.checkInsertAcls(ctx));
this.beforeRemote('create', ctx => this.checkInsertAcls(ctx));
this.beforeRemote('replaceById', ctx => this.checkInsertAcls(ctx));
this.beforeRemote('replaceOrCreate', ctx => this.checkInsertAcls(ctx));
this.remoteMethod('crud', {
description: 'Create, update or/and delete instances from model with a single request',
accessType: 'WRITE',
accepts: [
{
arg: 'actions',
type: 'Object',
require: true,
description: 'Instances to update, example: {create: [instances], update: [instances], delete: [ids]}',
http: {source: 'body'}
}
],
http: {
path: `/crud`,
verb: 'POST'
}
});
};
Self.defineScope = function(serverFilter) {
this.remoteMethodCtx('list', {
accepts: [
{
arg: 'filter',
type: 'object',
description: 'Filter defining where'
}
],
returns: {
type: [this.modelName],
root: true
},
http: {
verb: 'get',
path: '/list'
}
});
this.list = function(ctx, clientFilter, cb) {
let clientFields = (clientFilter && clientFilter.fields) ? clientFilter.fields : [];
let serverFields = (serverFilter && serverFilter.fields) ? serverFilter.fields : [];
let fields = clientFields.filter(itemC => {
return serverFields.some(itemS => itemS === itemC);
});
let and = [];
let order;
let limit;
let filter = {order: order, limit: limit};
if (clientFilter && clientFilter.where)
and.push(clientFilter.where);
if (serverFilter && serverFilter.where)
and.push(serverFilter.where);
if (clientFilter && clientFilter.order)
order = clientFilter.order;
else if (serverFilter && serverFilter.order)
order = serverFilter.order;
if (serverFilter && serverFilter.limit)
limit = serverFilter.limit;
else if (clientFilter && clientFilter.limit)
limit = clientFilter.limit;
filter.where = (and.length > 0) && {and: and};
filter.fields = fields;
this.find(filter, function(err, states) {
if (err)
cb(err, null);
else
cb(null, states);
});
};
};
Self.remoteMethodCtx = function(methodName, args) {
var ctx = {
arg: 'context',
type: 'object',
http: function(ctx) {
return ctx;
}
};
if (args.accepts === undefined)
args.accepts = [];
else if (!Array.isArray(args.accepts))
args.accepts = [args.accepts];
args.accepts.unshift(ctx);
this.remoteMethod(methodName, args);
};
Self.getConnection = function(cb) {
this.dataSource.connector.client.getConnection(cb);
};
Self.connectToService = function(ctx, dataSource) {
this.app.dataSources[dataSource].connector.remotes.auth = {
bearer: new Buffer(ctx.req.accessToken.id).toString('base64'),
sendImmediately: true
};
};
Self.disconnectFromService = function(dataSource) {
this.app.dataSources[dataSource].connector.remotes.auth = {
bearer: new Buffer('').toString('base64'),
sendImmediately: true
};
};
Self.crud = async function(actions) {
let transaction = await this.beginTransaction({});
let options = {transaction: transaction};
try {
if (actions.delete && actions.delete.length) {
await this.destroyAll({id: {inq: actions.delete}}, options);
}
if (actions.update) {
try {
let promises = [];
actions.update.forEach(toUpdate => {
promises.push(this.upsertWithWhere(toUpdate.where, toUpdate.data, options));
});
await Promise.all(promises);
} catch (error) {
throw error;
}
}
if (actions.create && actions.create.length) {
try {
await this.create(actions.create, options);
} catch (error) {
throw error[error.length - 1];
}
}
await transaction.commit();
} catch (error) {
await transaction.rollback();
throw error;
}
};
/**
* Executes an SQL query
* @param {String} query - SQL query
* @param {Object} params - Query data params
* @param {Object} options - Query options (Ex: {transaction})
* @param {Object} cb - Callback
* @return {Object} Connector promise
*/
Self.rawSql = function(query, params, options = {}, cb) {
var connector = this.dataSource.connector;
return new Promise(function(resolve, reject) {
connector.execute(query, params, options, function(error, response) {
if (cb)
cb(error, response);
if (error)
reject(error);
else
resolve(response);
});
});
};
/**
* Executes an SQL query from an Stmt
* @param {ParameterizedSql} stmt - Stmt object
* @param {Object} options - Query options (Ex: {transaction})
* @return {Object} Connector promise
*/
Self.rawStmt = function(stmt, options = {}) {
return this.rawSql(stmt.sql, stmt.params, options);
};
Self.escapeName = function(name) {
return this.dataSource.connector.escapeName(name);
};
/**
* Constructs SQL where clause from Loopback filter
* @param {Object} filter - filter
* @param {String} tableAlias - Query main table alias
* @return {String} Builded SQL where
*/
Self.buildWhere = function(filter, tableAlias) {
let connector = this.dataSource.connector;
let wrappedConnector = Object.create(connector);
wrappedConnector.columnEscaped = function(model, property) {
let sql = tableAlias
? connector.escapeName(tableAlias) + '.'
: '';
return sql + connector.columnEscaped(model, property);
};
return wrappedConnector.makeWhere(this.modelName, filter.where);
};
/**
* Constructs SQL limit clause from Loopback filter
* @param {Object} filter - filter
* @return {String} Builded SQL limit
*/
Self.buildLimit = function(filter) {
let sql = new ParameterizedSQL('');
this.dataSource.connector.applyPagination(this.modelName, sql, filter);
return sql;
};
/**
* Constructs SQL order clause from Loopback filter
* @param {Object} filter - filter
* @return {String} Builded SQL order
*/
Self.buildOrderBy = function(filter) {
let order = filter.order;
if (!order)
return '';
if (typeof order === 'string')
order = [order];
let clauses = [];
for (let clause of order) {
let sqlOrder = '';
let t = clause.split(/[\s,]+/);
let names = t[0].split('.');
if (names.length > 1)
sqlOrder += this.escapeName(names[0]) + '.';
sqlOrder += this.escapeName(names[names.length - 1]);
if (t.length > 1)
sqlOrder += ' ' + (t[1].toUpperCase() == 'ASC' ? 'ASC' : 'DESC');
clauses.push(sqlOrder);
}
return `ORDER BY ${clauses.join(', ')}`;
};
/**
* Constructs SQL pagination from Loopback filter
* @param {Object} filter - filter
* @return {String} Builded SQL pagination
*/
Self.buildPagination = function(filter) {
return ParameterizedSQL.join([
this.buildOrderBy(filter),
this.buildLimit(filter)
]);
};
/**
* Constructs SQL filter including where, order and limit
* clauses from Loopback filter
* @param {Object} filter - filter
* @param {String} tableAlias - Query main table alias
* @return {String} Builded SQL limit
*/
Self.buildSuffix = function(filter, tableAlias) {
return ParameterizedSQL.join([
this.buildWhere(filter, tableAlias),
this.buildPagination(filter)
]);
};
Self.checkAcls = async function(ctx, actionType) {
let userId = ctx.req.accessToken.userId;
let models = this.app.models;
let userRoles = await models.Account.getRoles(userId);
let data = ctx.args.data;
let modelAcls;
function modifiedProperties(data) {
let properties = [];
for (property in data) {
properties.push(property);
}
return properties;
}
modelAcls = await models.FieldAcl.find({
where: {
and: [
{model: this.modelName},
{role: {inq: userRoles}},
{property: '*'},
{or: [{actionType: '*'}, {actionType: actionType}]}
]
}
});
let allowedAll = modelAcls.find(acl => {
return acl.property == '*';
});
if (allowedAll)
return;
modelAcls = await models.FieldAcl.find({
where: {
and: [
{model: this.modelName},
{role: {inq: userRoles}},
{property: {inq: modifiedProperties(data)}},
{or: [{actionType: '*'}, {actionType: actionType}]}
]
}
});
let propsHash = {};
for (let acl of modelAcls)
propsHash[acl.property] = true;
let allowedProperties = Object.keys(data).every(property => {
return propsHash[property];
});
if (!allowedProperties)
throw new UserError(`You don't have enough privileges`);
};
Self.checkUpdateAcls = function(ctx) {
return this.checkAcls(ctx, 'update');
};
Self.checkInsertAcls = function(ctx) {
return this.checkAcls(ctx, 'insert');
};
// Action bindings
require('../methods/vn-model/validateBinded')(Self);
// Handle MySql errors
require('../methods/vn-model/rewriteDbError')(Self);
// Get table set of values
require('../methods/vn-model/getSetValues')(Self);
};