From bfe5b71f190813d8c67c956147b9bd27efd5b5af Mon Sep 17 00:00:00 2001
From: Julien Fontanet
Date: Thu, 28 May 2015 23:12:32 +0200
Subject: [PATCH] Various updates.
---
 src/api/acl.js | 4 ++--
 src/api/test.js | 20 ++++++++++++++++++++
 src/models/acl.js | 4 ++++
 src/xo.js | 25 ++++++++++++++-----------
 4 files changed, 40 insertions(+), 13 deletions(-)
diff --git a/src/api/acl.js b/src/api/acl.js
index 96003a466..9aeb01855 100644
--- a/src/api/acl.js
+++ b/src/api/acl.js
@@ -18,7 +18,7 @@ getCurrent.description = 'get existing ACLs concerning current user'
 // -------------------------------------------------------------------
-export async function add ({subject, object, action = 'view'}) {
+export async function add ({subject, object, action}) {
 await this.addAcl(subject, object, action)
 }
@@ -27,7 +27,7 @@ add.permission = 'admin'
 add.params = {
 subject: { type: 'string' },
 object: { type: 'string' },
- // action: { type: 'string' }
+ action: { type: 'string' }
 }
 add.description = 'add a new ACL entry'
diff --git a/src/api/test.js b/src/api/test.js
index 20588efad..6ecd503b3 100644
--- a/src/api/test.js
+++ b/src/api/test.js
@@ -2,6 +2,26 @@ import {delay} from 'bluebird'
 // ===================================================================
+export function hasPermission ({userId, objectId, permission}) {
+ return this.hasPermission(userId, objectId, permission)
+}
+
+hasPermission.permission = 'admin'
+
+hasPermission.params = {
+ userId: {
+ type: 'string'
+ },
+ objectId: {
+ type: 'string'
+ },
+ permission: {
+ type: 'string'
+ }
+}
+
+// -------------------------------------------------------------------
+
 export function wait ({duration, returnValue}) {
 return delay(returnValue, +duration)
 }
diff --git a/src/models/acl.js b/src/models/acl.js
index 284282144..4e0f17289 100644
--- a/src/models/acl.js
+++ b/src/models/acl.js
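Review bot: `action` is now a required free-form string, and nothing in `add` checks it against the known permission names or role ids before calling `this.addAcl`; the same applies to the schema line `action: { type: 'string' }` in the second hunk of src/api/acl.js. Judging by `hasPermission` in src/xo.js, an entry only matches when its action equals the requested permission or a role id returned by `getRolesForPermission`, so a mistyped value would be stored but never match, which is easy to overlook when auditing ACLs. Removing the `'view'` default also changes the contract for callers that omitted the field. I would document the accepted values next to the param, e.g. `// action: a permission name or a role id`, and reject unknown values before the entry is written.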
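Review bot: `hasPermission` in src/api/test.js is registered without a `description`, unlike `add` in src/api/acl.js, and nothing records why it is restricted to administrators. Because it answers permission queries for an arbitrary `userId`, the line `hasPermission.permission = 'admin'` is the only thing that keeps it from disclosing other users' access rights; a comment above that line saying so would make it harder to relax the gate by accident. I would add `hasPermission.description = 'check whether a user has a given permission on an object'`.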
@@ -41,6 +41,10 @@ export class Acls extends Collection {
 return Acl.hash(subject, object, action).then(hash => this.remove(hash))
 }
+ aclExists (subject, object, action) {
+ return Acl.hash(subject, object, action).then(hash => this.exists(hash))
+ }
+
 async get (properties) {
 const acls = await super.get(properties)
diff --git a/src/xo.js b/src/xo.js
index 9056af57e..744cadd6d 100644
--- a/src/xo.js
+++ b/src/xo.js
@@ -190,7 +190,7 @@ export default class Xo extends EventEmitter {
 }
 async hasPermission (userId, objectId, permission) {
- const user = await this.getUser()
+ const user = await this.getUser(userId)
 // Special case for super XO administrators.
 //
@@ -201,7 +201,7 @@ export default class Xo extends EventEmitter {
 // }
 const subjects = user.groups.concat(userId)
- const actions = (await this.getRolesForPermission(permission)).concat(permission)
+ let actions = (await this.getRolesForPermission(permission)).concat(permission)
 const promises = []
 {
@@ -216,7 +216,7 @@ export default class Xo extends EventEmitter {
 forEach(subjects, subject => {
 forEach(actions, action => {
 promises.push(
- acls.exists({subject, object: objectId, action}).then(throwIfFail)
+ acls.aclExists(subject, objectId, action).then(throwIfFail)
 )
 })
 })
@@ -415,14 +415,17 @@ export default class Xo extends EventEmitter {
 ]
 }
- // Returns an array of permission for a role.
- //
- // If not a role, it will return undefined.
- async resolveRolePermissions (id) {
- const role = (await this.getRoles())[id]
- if (role) {
- return role.permissions
- }
+ // Returns an array of roles which have a given permission.
+ async getRolesForPermission (permission) {
+ const roles = []
+
+ forEach(await this.getRoles(), role => {
+ if (includes(role.permissions, permission)) {
+ roles.push(role.id)
+ }
+ })
+
+ return roles
 }
 // -----------------------------------------------------------------
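Review bot: `aclExists` hands a bare hash to `this.exists`, whereas the call it replaces in src/xo.js passed a properties object (`acls.exists({subject, object: objectId, action})`), so it should be confirmed that the `exists` inherited from `Collection` treats a plain string as an id. `Collection` is not part of this patch; if `exists` only understands a properties object, every lookup made by `hasPermission` would come back without a match. A short comment on the method, for instance `// presumably an ACL's id is the hash of (subject, object, action)`, would also explain why the hash is computed before the lookup. The class body starts and ends outside the hunk.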
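Review bot: `user.groups.concat(userId)` in the following hunk of `hasPermission` dereferences `user` without checking that `this.getUser(userId)` found anyone, and `userId` can now arrive directly from the new API method in src/api/test.js. Whether `getUser` throws or resolves to `undefined` for an unknown id is not visible in this patch; in the second case the check ends in a TypeError rather than an explicit denial. A guard right after the lookup, such as `if (!user) return false`, would keep the authorization path explicit, assuming the method resolves to a boolean. The method body continues outside these hunks.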
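Review bot: `actions` is switched from `const` to `let` in the `@@ -201,7` hunk, yet no line changed by this patch reassigns it. Keeping `const actions = (await this.getRolesForPermission(permission)).concat(permission)` leaves the binding read-only in a function that decides access, which makes later accidental reassignment a compile-time error. The remainder of the method is outside the hunk.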
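Review bot: `getRolesForPermission` calls `includes`, but no hunk of this patch touches the import lines of src/xo.js, so unless `includes` was already imported there the first call from `hasPermission` fails with a ReferenceError. The same hunk deletes `resolveRolePermissions` outright, and the visible lines cannot rule out a remaining caller elsewhere in the project. The leading comment could also state that the result is a list of role ids (`role.id`) and is empty when no role carries the permission, since `hasPermission` concatenates it with the permission name to build the set of actions it accepts.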