84 lines
2.5 KiB
JavaScript
84 lines
2.5 KiB
JavaScript
const UserError = require('vn-loopback/util/user-error');
|
|
|
|
module.exports = Self => {
|
|
Self.remoteMethod('privileges', {
|
|
description: 'Change role and hasGrant if user has privileges',
|
|
accepts: [
|
|
{
|
|
arg: 'ctx',
|
|
type: 'Object',
|
|
http: {source: 'context'}
|
|
},
|
|
{
|
|
arg: 'id',
|
|
type: 'number',
|
|
required: true,
|
|
description: 'The user id',
|
|
http: {source: 'path'}
|
|
},
|
|
{
|
|
arg: 'roleFk',
|
|
type: 'number',
|
|
description: 'The new role for user',
|
|
},
|
|
{
|
|
arg: 'hasGrant',
|
|
type: 'boolean',
|
|
description: 'Whether to has grant'
|
|
}
|
|
],
|
|
http: {
|
|
path: `/:id/privileges`,
|
|
verb: 'POST'
|
|
}
|
|
});
|
|
|
|
Self.privileges = async function(ctx, id, roleFk, hasGrant, options) {
|
|
if (!(hasGrant != null || roleFk)) return;
|
|
|
|
const models = Self.app.models;
|
|
const userId = ctx.req.accessToken.userId;
|
|
|
|
const myOptions = {};
|
|
|
|
if (typeof options == 'object')
|
|
Object.assign(myOptions, options);
|
|
|
|
const user = await Self.findById(userId, {fields: ['hasGrant']}, myOptions);
|
|
|
|
const userToUpdate = await Self.findById(id, {
|
|
fields: ['id', 'name', 'hasGrant', 'roleFk', 'password', 'email'],
|
|
include: {
|
|
relation: 'role',
|
|
scope: {
|
|
fields: ['name']
|
|
}
|
|
}
|
|
}, myOptions);
|
|
|
|
if (!user.hasGrant)
|
|
throw new UserError(`You don't have grant privilege`);
|
|
|
|
const hasRoleFromUser = await Self.hasRole(userId, userToUpdate.role().name, myOptions);
|
|
|
|
if (!hasRoleFromUser)
|
|
throw new UserError(`You don't own the role and you can't assign it to another user`);
|
|
|
|
if (hasGrant != null)
|
|
userToUpdate.hasGrant = hasGrant;
|
|
|
|
if (roleFk) {
|
|
const role = await models.Role.findById(roleFk, {fields: ['name']}, myOptions);
|
|
const hasRole = await Self.hasRole(userId, role.name, myOptions);
|
|
|
|
if (!hasRole)
|
|
throw new UserError(`You don't own the role and you can't assign it to another user`);
|
|
|
|
userToUpdate.roleFk = roleFk;
|
|
}
|
|
|
|
await userToUpdate.save(userToUpdate);
|
|
await models.Account.sync(userToUpdate.name);
|
|
};
|
|
};
|