@modular-rest/server 1.8.0 → 1.10.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package-lock.json +1373 -0
- package/package.json +4 -2
- package/src/application.js +58 -40
- package/src/class/directory.js +50 -51
- package/src/class/security.js +32 -17
- package/src/class/user.js +98 -83
- package/src/config.js +63 -0
- package/src/helper/data_insertion.js +12 -72
- package/src/helper/presetup_services.js +2 -14
- package/src/services/data_provider/router.js +490 -402
- package/src/services/data_provider/service.js +29 -14
- package/src/services/user_manager/db.js +2 -37
- package/src/services/user_manager/permissionManager.js +43 -0
- package/src/services/user_manager/service.js +9 -39
|
@@ -11,6 +11,7 @@ let permissionDefinitions = {};
|
|
|
11
11
|
|
|
12
12
|
let triggers = require("../../class/trigger_operator");
|
|
13
13
|
let TypeCasters = require("./typeCasters");
|
|
14
|
+
const { config } = require("../../config");
|
|
14
15
|
|
|
15
16
|
/**
|
|
16
17
|
*
|
|
@@ -132,7 +133,11 @@ function _getPermissionList(db, collection, operationType) {
|
|
|
132
133
|
|
|
133
134
|
if (!permissionDefinitions.hasOwnProperty(db)) return permissionList;
|
|
134
135
|
|
|
135
|
-
|
|
136
|
+
try {
|
|
137
|
+
permissionDefinition = permissionDefinitions[db][collection];
|
|
138
|
+
} catch (error) {
|
|
139
|
+
return permissionList;
|
|
140
|
+
}
|
|
136
141
|
|
|
137
142
|
permissionDefinition.permissionList.forEach((permission) => {
|
|
138
143
|
if (permission.onlyOwnData == true) {
|
|
@@ -147,30 +152,40 @@ function _getPermissionList(db, collection, operationType) {
|
|
|
147
152
|
return permissionList;
|
|
148
153
|
}
|
|
149
154
|
|
|
155
|
+
/**
|
|
156
|
+
* Check access to a collection.
|
|
157
|
+
* @param {string} db - The database name.
|
|
158
|
+
* @param {string} collection - The collection name.
|
|
159
|
+
* @param {string} operationType - The operation type.
|
|
160
|
+
* @param {object} queryOrDoc - The query or document.
|
|
161
|
+
* @param {import('../../class/user')} user - The user.
|
|
162
|
+
* @returns {boolean} The access result.
|
|
163
|
+
*/
|
|
150
164
|
function checkAccess(db, collection, operationType, queryOrDoc, user) {
|
|
151
165
|
let key = false;
|
|
152
|
-
const permissionList = _getPermissionList(db, collection, operationType);
|
|
153
166
|
|
|
154
|
-
|
|
155
|
-
|
|
167
|
+
const collectionPermissionList = _getPermissionList(
|
|
168
|
+
db,
|
|
169
|
+
collection,
|
|
170
|
+
operationType
|
|
171
|
+
);
|
|
172
|
+
|
|
173
|
+
collectionPermissionList.forEach((permission) => {
|
|
174
|
+
const collectionPermissionType = permission.type;
|
|
156
175
|
|
|
157
176
|
if (permission.onlyOwnData == true) {
|
|
158
177
|
const userId = user.id;
|
|
159
178
|
|
|
160
179
|
try {
|
|
161
|
-
|
|
162
|
-
queryOrDoc[permission.ownerIdField].toString() === userId.toString()
|
|
163
|
-
)
|
|
164
|
-
key = true;
|
|
180
|
+
key =
|
|
181
|
+
queryOrDoc[permission.ownerIdField].toString() === userId.toString();
|
|
165
182
|
} catch (error) {
|
|
166
183
|
key = false;
|
|
167
184
|
}
|
|
168
|
-
} else if (operationType == AccessTypes.read) {
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
if (permission.write && user.permission[permissionType] == true)
|
|
173
|
-
key = true;
|
|
185
|
+
} else if (operationType == AccessTypes.read && permission.read) {
|
|
186
|
+
key = user.hasPermission(collectionPermissionType);
|
|
187
|
+
} else if (operationType == AccessTypes.write && permission.write) {
|
|
188
|
+
key = user.permission[collectionPermissionType];
|
|
174
189
|
}
|
|
175
190
|
});
|
|
176
191
|
|
|
@@ -4,36 +4,14 @@ var Schema = mongoose.Schema;
|
|
|
4
4
|
let CollectionDefinition = require("../../class/collection_definition");
|
|
5
5
|
let { Permission, PermissionTypes } = require("../../class/security");
|
|
6
6
|
|
|
7
|
-
/**
|
|
8
|
-
* Permission schema
|
|
9
|
-
*
|
|
10
|
-
* This schema is generated dynamically
|
|
11
|
-
* by combining default & custom permissions.
|
|
12
|
-
*/
|
|
13
|
-
let permissionSchemaConstructorOption = {
|
|
14
|
-
title: String,
|
|
15
|
-
isAnonymous: { type: Boolean, default: false },
|
|
16
|
-
isDefault: { type: Boolean, default: false },
|
|
17
|
-
};
|
|
18
|
-
Object.keys(new PermissionTypes()).forEach((key) => {
|
|
19
|
-
let fieldOption = { type: Boolean, default: false };
|
|
20
|
-
permissionSchemaConstructorOption[key] = fieldOption;
|
|
21
|
-
});
|
|
22
|
-
|
|
23
|
-
let permissionSchema = new Schema(permissionSchemaConstructorOption);
|
|
24
|
-
permissionSchema.index({ title: 1 }, { unique: true });
|
|
25
|
-
|
|
26
7
|
let authSchema = new Schema({
|
|
27
|
-
|
|
28
|
-
type: Schema.Types.ObjectId,
|
|
29
|
-
ref: "permission",
|
|
30
|
-
required: false,
|
|
31
|
-
},
|
|
8
|
+
permissionGroup: String,
|
|
32
9
|
email: String,
|
|
33
10
|
phone: String,
|
|
34
11
|
password: String,
|
|
35
12
|
type: { type: String, default: "user", enum: ["user", "anonymous"] },
|
|
36
13
|
});
|
|
14
|
+
|
|
37
15
|
authSchema.index({ email: 1 }, { unique: true });
|
|
38
16
|
authSchema.pre(["save", "updateOne"], function (next) {
|
|
39
17
|
// Encode the password before saving
|
|
@@ -56,17 +34,4 @@ module.exports = [
|
|
|
56
34
|
}),
|
|
57
35
|
],
|
|
58
36
|
}),
|
|
59
|
-
|
|
60
|
-
new CollectionDefinition({
|
|
61
|
-
db: "cms",
|
|
62
|
-
collection: "permission",
|
|
63
|
-
schema: permissionSchema,
|
|
64
|
-
permissions: [
|
|
65
|
-
new Permission({
|
|
66
|
-
type: PermissionTypes.advanced_settings,
|
|
67
|
-
read: true,
|
|
68
|
-
write: true,
|
|
69
|
-
}),
|
|
70
|
-
],
|
|
71
|
-
}),
|
|
72
37
|
];
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
const { config } = require("../../config");
|
|
2
|
+
|
|
3
|
+
function getDefaultPermissionGroups() {
|
|
4
|
+
const defaultPermissionGroups = config.permissionGroups.find(
|
|
5
|
+
(group) => group.isDefault
|
|
6
|
+
);
|
|
7
|
+
|
|
8
|
+
if (defaultPermissionGroups == null) {
|
|
9
|
+
throw new Error("Default permission group not found");
|
|
10
|
+
}
|
|
11
|
+
|
|
12
|
+
return defaultPermissionGroups;
|
|
13
|
+
}
|
|
14
|
+
|
|
15
|
+
function getDefaultAnonymousPermissionGroup() {
|
|
16
|
+
const anonymousPermission = config.permissionGroups.find(
|
|
17
|
+
(group) => group.isAnonymous
|
|
18
|
+
);
|
|
19
|
+
|
|
20
|
+
if (anonymousPermission == null) {
|
|
21
|
+
throw new Error("Anonymous permission group not found");
|
|
22
|
+
}
|
|
23
|
+
|
|
24
|
+
return anonymousPermission;
|
|
25
|
+
}
|
|
26
|
+
|
|
27
|
+
function getDefaultAdministratorPermissionGroup() {
|
|
28
|
+
const administratorPermission = config.permissionGroups.find(
|
|
29
|
+
(group) => group.title.toString() == "administrator"
|
|
30
|
+
);
|
|
31
|
+
|
|
32
|
+
if (administratorPermission == null) {
|
|
33
|
+
throw new Error("Administrator permission group not found");
|
|
34
|
+
}
|
|
35
|
+
|
|
36
|
+
return administratorPermission;
|
|
37
|
+
}
|
|
38
|
+
|
|
39
|
+
module.exports = {
|
|
40
|
+
getDefaultPermissionGroups,
|
|
41
|
+
getDefaultAnonymousPermissionGroup,
|
|
42
|
+
getDefaultAdministratorPermissionGroup,
|
|
43
|
+
};
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
let User = require("../../class/user");
|
|
2
2
|
const DataProvider = require("../data_provider/service");
|
|
3
3
|
const JWT = require("../jwt/service");
|
|
4
|
+
const { getDefaultPermissionGroups } = require("./permissionManager");
|
|
4
5
|
|
|
5
6
|
class UserManager {
|
|
6
7
|
constructor() {
|
|
@@ -42,7 +43,6 @@ class UserManager {
|
|
|
42
43
|
let userDoc = await userModel
|
|
43
44
|
.findOne({ _id: id })
|
|
44
45
|
.select({ password: 0 })
|
|
45
|
-
.populate("permission")
|
|
46
46
|
.exec()
|
|
47
47
|
.catch(reject);
|
|
48
48
|
|
|
@@ -75,7 +75,6 @@ class UserManager {
|
|
|
75
75
|
let userDoc = await userModel
|
|
76
76
|
.findOne(query)
|
|
77
77
|
.select({ password: 0 })
|
|
78
|
-
.populate("permission")
|
|
79
78
|
.exec()
|
|
80
79
|
.catch(reject);
|
|
81
80
|
|
|
@@ -93,21 +92,9 @@ class UserManager {
|
|
|
93
92
|
* Get a user by their token.
|
|
94
93
|
* @param {string} token - The token of the user.
|
|
95
94
|
* @returns {Promise<User>} A promise that resolves to the user.
|
|
96
|
-
* @throws {string} If the user has a wrong permission.
|
|
97
95
|
*/
|
|
98
96
|
getUserByToken(token) {
|
|
99
|
-
return JWT.main.verify(token)
|
|
100
|
-
let user = payload;
|
|
101
|
-
let permission = await DataProvider.getCollection("cms", "permission")
|
|
102
|
-
.findOne({ _id: user.permission })
|
|
103
|
-
.exec()
|
|
104
|
-
.then();
|
|
105
|
-
|
|
106
|
-
if (!permission) throw "user has a wrong permission";
|
|
107
|
-
|
|
108
|
-
user.permission = permission;
|
|
109
|
-
return user;
|
|
110
|
-
});
|
|
97
|
+
return JWT.main.verify(token);
|
|
111
98
|
}
|
|
112
99
|
|
|
113
100
|
/**
|
|
@@ -155,11 +142,7 @@ class UserManager {
|
|
|
155
142
|
else if (idType == "email") query["email"] = id;
|
|
156
143
|
|
|
157
144
|
// Get from database
|
|
158
|
-
const gottenFromDB = await userModel
|
|
159
|
-
.findOne(query)
|
|
160
|
-
.populate("permission")
|
|
161
|
-
.exec()
|
|
162
|
-
.catch(reject);
|
|
145
|
+
const gottenFromDB = await userModel.findOne(query).exec().catch(reject);
|
|
163
146
|
|
|
164
147
|
if (!gottenFromDB) reject("user not found");
|
|
165
148
|
// Token
|
|
@@ -193,11 +176,7 @@ class UserManager {
|
|
|
193
176
|
const query = { email: email };
|
|
194
177
|
|
|
195
178
|
// Get from database
|
|
196
|
-
const gottenFromDB = await userModel
|
|
197
|
-
.findOne(query)
|
|
198
|
-
.populate("permission")
|
|
199
|
-
.exec()
|
|
200
|
-
.catch(reject);
|
|
179
|
+
const gottenFromDB = await userModel.findOne(query).exec().catch(reject);
|
|
201
180
|
|
|
202
181
|
if (!gottenFromDB) reject("user not found");
|
|
203
182
|
|
|
@@ -230,7 +209,6 @@ class UserManager {
|
|
|
230
209
|
// Get from database
|
|
231
210
|
let gottenFromDB = await userModel
|
|
232
211
|
.findOne(query)
|
|
233
|
-
.populate("permission")
|
|
234
212
|
.exec()
|
|
235
213
|
.then()
|
|
236
214
|
.catch(reject);
|
|
@@ -333,20 +311,12 @@ class UserManager {
|
|
|
333
311
|
registerUser(detail) {
|
|
334
312
|
return new Promise(async (done, reject) => {
|
|
335
313
|
// get default permission
|
|
336
|
-
|
|
337
|
-
let perM = DataProvider.getCollection("cms", "permission");
|
|
338
|
-
|
|
339
|
-
let pQuery = { isDefault: true };
|
|
340
|
-
|
|
341
|
-
if (detail.type == "anonymous") pQuery = { isAnonymous: true };
|
|
342
|
-
|
|
343
|
-
await perM
|
|
344
|
-
.findOne(pQuery, "_id")
|
|
345
|
-
.exec()
|
|
346
|
-
.then((doc) => (permissionId = doc._id))
|
|
347
|
-
.catch(reject);
|
|
314
|
+
detail.permissionGroup = getDefaultPermissionGroups().title;
|
|
348
315
|
|
|
349
|
-
detail.
|
|
316
|
+
if (!detail.permissionGroup) {
|
|
317
|
+
reject("default permission group not found");
|
|
318
|
+
return;
|
|
319
|
+
}
|
|
350
320
|
|
|
351
321
|
let authM = DataProvider.getCollection("cms", "auth");
|
|
352
322
|
return User.createFromModel(authM, detail)
|