feat: save http verb in rights collection
Andreas Krummsdorf committed Jan 14, 2015
1 parent a3f6e38 commit 38f5483
Showing 2 changed files with 94 additions and 70 deletions.
156 changes: 88 additions & 68 deletions lib/LxAuth.js
Expand Up @@ -37,6 +37,10 @@ module.exports = function (options) {
throw lxHelpers.getTypeError('maxLifeTime', options.config.WEB_TOKEN.inactivityTime, 1);
}

function getRouteNameWithVerb (route, verb) {
return verb + ':' + route;
}

function generateGuid () {
return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function (c) {
var r, v;
Expand Down Expand Up @@ -81,12 +85,18 @@ module.exports = function (options) {
if (line.indexOf('.get') > 0) {
// decide which api type with socket.on function
var type = line.indexOf('.on') > 0 ? 'socket' : 'rest';

var parts = line.split(',');

// get rest route
var route = parts[0].split('\'')[1];

// get http verb
var verb = parts[0].substring(parts[0].indexOf('.') + 1, parts[0].indexOf('('));

// unique path to function
var path = parts[parts.length - 1].split('(')[1].replace(/'|\)|;/g, '').replace('.', '/');

routes[path] = {route: route, type: type};
routes[path] = {route: route, type: type, verb: verb};
}
});

Expand Down Expand Up @@ -245,11 +255,6 @@ module.exports = function (options) {
* @returns {Object.<string, Object>} (nameOfRight: {hasAccess: true, resource: *})
*/
self.getUserAcl = function (user, allRights, allRoles, allGroups, additionalRoles, resourceRights) {
// check params
// if (!lxHelpers.isObject(user)) {
// throw new RightsError('param "user" is not an object');
// }

var result = {
rest: {},
socket: {}
Expand All @@ -272,28 +277,37 @@ module.exports = function (options) {
});

// add right name to result if the user has access
if (lxHelpers.isObject(right) && userRight.hasAccess) {
if (right.type === 'socket') {
result.socket[right.name] = {
controller: right.controller,
route: right.route,
hasAccess: true
};
if (lxHelpers.isObject(right) && userRight.hasAccess && right.route) {
var name = getRouteNameWithVerb(right.route, right.verb);

if (userRight.resource) {
result.socket[right.name].resource = userRight.resource;
}
} else {
result.rest[right.name] = {
controller: right.controller,
route: right.route,
hasAccess: true
};
result[right.type][name] = {};

if (userRight.resource) {
result.rest[right.name].resource = userRight.resource;
}
if (userRight.resource) {
result[right.type][name].resource = userRight.resource;
}

//if (right.type === 'socket') {
//
// //result.socket[right.name] = {
// // controller: right.controller,
// // route: right.route,
// // hasAccess: true
// //};
//
// if (userRight.resource) {
// result.socket[right.name].resource = userRight.resource;
// }
//} else {
// //result.rest[right.name] = {
// // controller: right.controller,
// // route: right.route,
// // hasAccess: true
// //};
//
// if (userRight.resource) {
// result.rest[right.name].resource = userRight.resource;
// }
//}
}
});

Expand Down Expand Up @@ -417,9 +431,7 @@ module.exports = function (options) {
}]
}, function (error, results) {
if (error) {
// logging.syslog.error('%s! getting user from db: %j', error, name);
callback(new Error('Error loading user from db!'));
return;
return callback(new Error('Error loading user from db!'));
}

callback(null, results.getUserAcl);
Expand Down Expand Up @@ -520,7 +532,6 @@ module.exports = function (options) {
self.getPublicFunctionsFromControllers(next);
},
processRights: ['getRoutesFromRoutes', 'getPublicFunctionsFromControllers', function (next, results) {

var routes = results.getRoutesFromRoutes;
var rights = results.getPublicFunctionsFromControllers;
var roles = {};
Expand Down Expand Up @@ -549,41 +560,41 @@ module.exports = function (options) {
description: right.description,
controller: right.controller,
route: route.route,
type: route.type
type: route.type,
verb: route.verb
};

if (!result) {
rightsRepo.insert(newRight, function (error, result) {
if (error) {
nextRight(error);
return;
rightsRepo.insertOne(newRight, function (insertError, insertResult) {
if (insertError) {
return nextRight(insertError);
}

if (result) {
if (insertResult && insertResult.result.n === 1) {
rightsCreated++;
addRightToRoles(right.roles, result[0]._id);
addRightToRoles(right.roles, insertResult.ops[0]._id);
}

nextRight();
});
} else {
addRightToRoles(right.roles, result._id);

if (result.description !== right.description || result.controller !== right.controller || result.route !== route.route) {
rightsRepo.update({_id: result._id}, {
if (result.description !== right.description || result.controller !== right.controller || result.route !== route.route || result.verb !== route.verb) {
rightsRepo.updateOne({_id: result._id}, {
$set: {
description: right.description,
controller: right.controller,
route: route.route,
type: route.type
type: route.type,
verb: route.verb
}
}, function (error, result) {
if (error) {
nextRight(error);
return;
}, function (updateError, updateResult) {
if (updateError) {
return nextRight(updateError);
}

if (result) {
if (updateResult && updateResult.n === 1) {
rightsCreated++;
}

Expand All @@ -607,17 +618,16 @@ module.exports = function (options) {
var roleKeys = Object.keys(results.processRights);

if (roleKeys.length > 0) {
async.each(roleKeys, function (roleName, next) {
async.each(roleKeys, function (roleName, cb) {
rolesRepo.findOne({name: roleName}, function (error, result) {
if (error) {
next(error);
return;
return cb(error);
}

if (result) {
rolesRepo.update({_id: result._id}, {$set: {rights: roles[roleName].rights}}, next);
rolesRepo.updateOne({_id: result._id}, {$set: {rights: roles[roleName].rights}}, cb);
} else {
rolesRepo.insert({name: roleName, rights: roles[roleName].rights}, next);
rolesRepo.insertOne({name: roleName, rights: roles[roleName].rights}, cb);
}
});
}, function (error) {
Expand All @@ -628,6 +638,10 @@ module.exports = function (options) {
}
}]
}, function (error, results) {
if (error) {
console.log(error);
}

callback(null, results);
});
};
Expand All @@ -639,21 +653,23 @@ module.exports = function (options) {
* @param acl
* @returns {*|Array|boolean}
*/
self.checkAccessToRoute = function (route, acl) {
self.checkAccessToRoute = function (route, verb, acl) {
route = route || '';
acl = acl || [];

var keys = Object.keys(acl);
var i, len = keys.length;
var hasAccess = false;
for (i = 0; i < len; i++) {
if (acl[keys[i]].route === route) {
hasAccess = acl[keys[i]].hasAccess;
break;
}
}

return hasAccess;
acl = acl || {};

return !!acl[getRouteNameWithVerb(route, verb)];

//var keys = Object.keys(acl);
//var i, len = keys.length;
//var hasAccess = false;
//for (i = 0; i < len; i++) {
// if (acl[keys[i]].route === route) {
// hasAccess = acl[keys[i]].hasAccess;
// break;
// }
//}
//
//return hasAccess;
};

/**
Expand Down Expand Up @@ -758,7 +774,7 @@ module.exports = function (options) {
next(null, tokenData);
}],
saveAccessData: ['getTokenData', function (next, results) {
tokensRepo.insert(results.getTokenData, next);
tokensRepo.insertOne(results.getTokenData, next);
}],
createWebToken: ['saveAccessData', function (next, results) {
next(null, jwt.encode({accessId: results.getTokenData.access_id}, config.WEB_TOKEN.secret));
Expand All @@ -769,10 +785,14 @@ module.exports = function (options) {
}

var routes = [];
//_.forIn(results.getTokenData.user_acl.rest, function (val, key) {
// if (results.getTokenData.user_acl.rest[key].hasAccess === true) {
// routes.push(results.getTokenData.user_acl.rest[key].route);
// }
//});

_.forIn(results.getTokenData.user_acl.rest, function (val, key) {
if (results.getTokenData.user_acl.rest[key].hasAccess === true) {
routes.push(results.getTokenData.user_acl.rest[key].route);
}
routes.push(key);
});

var roles = [];
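Review bot: `getUserAcl` now builds the ACL key from `right.verb` and indexes `result[right.type]` without checking either value. A right stored before this commit would have no `verb` until the rights are refreshed and would be keyed as `undefined:<route>`, and a `type` other than `rest` or `socket` makes `result[right.type][name] = {}` throw, where the old code fell back to `rest`. `checkAccessToRoute` then treats any present key as access and no longer reads `hasAccess`, so a caller that omits the verb would match those `undefined:` keys; I would extend the guard to `right.route && right.verb && result.hasOwnProperty(right.type)` and start the check with `if (!verb) { return false; }`. The JSDoc above `checkAccessToRoute` still lists only `route` and `acl` and should gain `@param {string} verb`; the letter case of the verb also has to agree between the route parser and the caller, which is not visible on this page. The enclosing functions start and end outside these hunks.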
8 changes: 6 additions & 2 deletions scripts/setup.js
Expand Up @@ -10,16 +10,20 @@ var options = {};
options.config = config;

var mongo = require('../lib/start.d/lxMongoDb');
mongo(options, function() {
mongo(options, function () {

var auth = require('../lib/start.d/lxAuth');
auth(options, function () {

console.log('Refreshing rights in database..');

options.auth.refreshRightsInDb(function () {
options.auth.refreshRightsInDb(function (err, res) {
options.db.disconnect();

if (res.processRoles) {
console.log('Rights created: ' + res.processRoles);
}

console.log('Done.');
});
});
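Review bot: The callback now takes `err` but never checks it, and `res.processRoles` is read without confirming that `res` is set, so a failed refresh may either print `Done.` as if it had succeeded or end in a TypeError. In this same commit `refreshRightsInDb` in lib/LxAuth.js logs the error and calls `callback(null, results)`, so `err` can never be non-null here. Passing it through as `callback(error, results)` and adding `if (err || !res) { console.error(err); process.exitCode = 1; return; }` after the disconnect would make a failed rights sync visible to whoever runs the setup script. That matters because a silent failure leaves stale or partial rights in the collection that the access checks read.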
