@live-change/access-control-service 0.2.43 → 0.2.45
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/access.js +9 -10
- package/accessControl.js +4 -2
- package/invite.js +3 -2
- package/package.json +3 -3
package/access.js
CHANGED
|
@@ -48,7 +48,7 @@ module.exports = (definition) => {
|
|
|
48
48
|
|
|
49
49
|
function clientHasAccessRoles(client, { objectType, object, objects }, roles) {
|
|
50
50
|
return checkRoles(client, { objectType, object, objects },
|
|
51
|
-
(clientRoles) => testRoles(
|
|
51
|
+
(clientRoles) => testRoles(roles, clientRoles)
|
|
52
52
|
)
|
|
53
53
|
}
|
|
54
54
|
|
|
@@ -208,21 +208,20 @@ module.exports = (definition) => {
|
|
|
208
208
|
let rolesTreesRoots = objects.map(({ object, objectType }) => treeNode(objectType, object, client))
|
|
209
209
|
|
|
210
210
|
const outputObjectId = `${JSON.stringify(client.session)}:${JSON.stringify(client.user)}:` +
|
|
211
|
-
objects.map( obj => `${JSON.stringify(objectType)}:${JSON.stringify(object)}`)
|
|
211
|
+
objects.map( obj => `${JSON.stringify(obj.objectType)}:${JSON.stringify(obj.object)}`)
|
|
212
212
|
.join(':')
|
|
213
213
|
let oldOutputObject = null
|
|
214
214
|
async function updateRoles() {
|
|
215
215
|
const roots = await Promise.all(rolesTreesRoots)
|
|
216
|
-
const
|
|
217
|
-
const
|
|
218
|
-
let roles =
|
|
219
|
-
for(const
|
|
220
|
-
roles = roles.filter(role =>
|
|
216
|
+
const accessesRoles = roots.map(root => computeNodeRoles(root))
|
|
217
|
+
const firstAccessRoles = accessesRoles.shift()
|
|
218
|
+
let roles = firstAccessRoles
|
|
219
|
+
for(const accessRoles of accessesRoles) {
|
|
220
|
+
roles = roles.filter(role => accessRoles.includes(role))
|
|
221
221
|
}
|
|
222
|
-
const accessControlRoles = computeNodeRoles()
|
|
223
222
|
const outputObject = {
|
|
224
223
|
id: outputObjectId,
|
|
225
|
-
roles: Array.from(new Set([...
|
|
224
|
+
roles: Array.from(new Set([...roles, ...client.roles]))
|
|
226
225
|
}
|
|
227
226
|
output.change(outputObject, oldOutputObject)
|
|
228
227
|
oldOutputObject = outputObject
|
|
@@ -232,7 +231,7 @@ module.exports = (definition) => {
|
|
|
232
231
|
await updateRoles()
|
|
233
232
|
}
|
|
234
233
|
})`, {
|
|
235
|
-
|
|
234
|
+
objects, parentsSourcesMap: parentsSources, client,
|
|
236
235
|
accessTableName: Access.tableName, publicAccessTableName: PublicAccess.tableName,
|
|
237
236
|
dbAccessFunctions: `(${dbAccessFunctions})`
|
|
238
237
|
}]
|
package/accessControl.js
CHANGED
|
@@ -52,9 +52,10 @@ definition.processor({
|
|
|
52
52
|
(objectType && object) ? [{ objectType, object }] : []
|
|
53
53
|
)
|
|
54
54
|
if(objects.length == 0) {
|
|
55
|
-
throw new Error('no objects for access control to work')
|
|
55
|
+
throw new Error('no objects for access control to work in view ' + viewName)
|
|
56
56
|
}
|
|
57
|
-
|
|
57
|
+
console.log("OBJECTS", objects)
|
|
58
|
+
const accessible = await access.clientHasAccessRoles(client, { objects }, config.roles)
|
|
58
59
|
if(!accessible) throw 'notAuthorized'
|
|
59
60
|
return oldGet.apply(view, args)
|
|
60
61
|
}
|
|
@@ -103,6 +104,7 @@ definition.processor({
|
|
|
103
104
|
rolesObservable.observe(rolesObserver)
|
|
104
105
|
oldRespawn.apply(observableProxy)
|
|
105
106
|
}
|
|
107
|
+
return observableProxy
|
|
106
108
|
}
|
|
107
109
|
}
|
|
108
110
|
|
package/invite.js
CHANGED
|
@@ -221,7 +221,10 @@ for(const contactType of config.contactTypes) {
|
|
|
221
221
|
access: (params, { client, context, visibilityTest }) =>
|
|
222
222
|
visibilityTest || access.clientCanInvite(client, params),
|
|
223
223
|
async execute(params, { client, service }, emit) {
|
|
224
|
+
const { [contactTypeName]: contact } = params
|
|
225
|
+
const { objectType, object } = params
|
|
224
226
|
const { roles } = params
|
|
227
|
+
|
|
225
228
|
const myRoles = await access.getClientObjectRoles(client, { objectType, object }, true)
|
|
226
229
|
if(!myRoles.includes('administrator')) {
|
|
227
230
|
for(const requestedRole of roles) {
|
|
@@ -230,8 +233,6 @@ for(const contactType of config.contactTypes) {
|
|
|
230
233
|
}
|
|
231
234
|
|
|
232
235
|
const [ fromType, from ] = client.user ? ['user_User', client.user] : ['session_Session', client.session]
|
|
233
|
-
const { [contactTypeName]: contact } = params
|
|
234
|
-
const { objectType, object } = params
|
|
235
236
|
const invitationData = { fromType, from }
|
|
236
237
|
for(const propertyName in invitationProperties) invitationData[propertyName] = params[propertyName]
|
|
237
238
|
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@live-change/access-control-service",
|
|
3
|
-
"version": "0.2.
|
|
3
|
+
"version": "0.2.45",
|
|
4
4
|
"description": "",
|
|
5
5
|
"main": "index.js",
|
|
6
6
|
"scripts": {
|
|
@@ -21,7 +21,7 @@
|
|
|
21
21
|
"url": "https://www.viamage.com/"
|
|
22
22
|
},
|
|
23
23
|
"dependencies": {
|
|
24
|
-
"@live-change/framework": "0.6.
|
|
24
|
+
"@live-change/framework": "0.6.11"
|
|
25
25
|
},
|
|
26
|
-
"gitHead": "
|
|
26
|
+
"gitHead": "aab9b222492335dda687dcf4a1c2794ec4fa610f"
|
|
27
27
|
}
|