Various updates.

2015-05-28 23:12:32 +02:00 · 2015-05-28 23:12:32 +02:00 · bfe5b71f19
commit bfe5b71f19
parent eb25cf65dd
4 changed files with 40 additions and 13 deletions
--- a/src/api/acl.js
+++ b/src/api/acl.js
@ -18,7 +18,7 @@ getCurrent.description = 'get existing ACLs concerning current user'

 // -------------------------------------------------------------------

-export async function add ({subject, object, action = 'view'}) {
+export async function add ({subject, object, action}) {
  await this.addAcl(subject, object, action)
 }

@ -27,7 +27,7 @@ add.permission = 'admin'
 add.params = {
  subject: { type: 'string' },
  object: { type: 'string' },
-  // action: { type: 'string' }
+  action: { type: 'string' }
 }

 add.description = 'add a new ACL entry'
--- a/src/api/test.js
+++ b/src/api/test.js
@ -2,6 +2,26 @@ import {delay} from 'bluebird'

 // ===================================================================

+export function hasPermission ({userId, objectId, permission}) {
+  return this.hasPermission(userId, objectId, permission)
+}
+
+hasPermission.permission = 'admin'
+
+hasPermission.params = {
+  userId: {
+    type: 'string'
+  },
+  objectId: {
+    type: 'string'
+  },
+  permission: {
+    type: 'string'
+  }
+}
+
+// -------------------------------------------------------------------
+
 export function wait ({duration, returnValue}) {
  return delay(returnValue, +duration)
 }
--- a/src/models/acl.js
+++ b/src/models/acl.js
@ -41,6 +41,10 @@ export class Acls extends Collection {
    return Acl.hash(subject, object, action).then(hash => this.remove(hash))
  }

+  aclExists (subject, object, action) {
+    return Acl.hash(subject, object, action).then(hash => this.exists(hash))
+  }
+
  async get (properties) {
    const acls = await super.get(properties)

--- a/src/xo.js
+++ b/src/xo.js
@ -190,7 +190,7 @@ export default class Xo extends EventEmitter {
  }

  async hasPermission (userId, objectId, permission) {
-    const user = await this.getUser()
+    const user = await this.getUser(userId)

    // Special case for super XO administrators.
    //
@ -201,7 +201,7 @@ export default class Xo extends EventEmitter {
    // }

    const subjects = user.groups.concat(userId)
-    const actions = (await this.getRolesForPermission(permission)).concat(permission)
+    let actions = (await this.getRolesForPermission(permission)).concat(permission)

    const promises = []
    {
@ -216,7 +216,7 @@ export default class Xo extends EventEmitter {
      forEach(subjects, subject => {
        forEach(actions, action => {
          promises.push(
-            acls.exists({subject, object: objectId, action}).then(throwIfFail)
+            acls.aclExists(subject, objectId, action).then(throwIfFail)
          )
        })
      })
@ -415,14 +415,17 @@ export default class Xo extends EventEmitter {
    ]
  }

-  // Returns an array of permission for a role.
-  //
-  // If not a role, it will return undefined.
-  async resolveRolePermissions (id) {
-    const role = (await this.getRoles())[id]
-    if (role) {
-      return role.permissions
-    }
+  // Returns an array of roles which have a given permission.
+  async getRolesForPermission (permission) {
+    const roles = []
+
+    forEach(await this.getRoles(), role => {
+      if (includes(role.permissions, permission)) {
+        roles.push(role.id)
+      }
+    })
+
+    return roles
  }

  // -----------------------------------------------------------------