hola-server 1.0.8 → 1.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/core/meta.js +1 -1
  2. package/package.json +1 -1
  3. package/router/delete.js +3 -2
  4. package/router/read.js +7 -5
package/core/meta.js CHANGED
@@ -319,7 +319,7 @@ class EntityMeta {
319
319
 
320
320
  this.roles.forEach(role => {
321
321
  const role_config = role.split(":");
322
- if (role_config.length != 2) {
322
+ if (!(role_config.length == 2 || role_config.length == 3)) {
323
323
  throw new Error("wrong role config [" + role + "] in meta [" + this.collection + "]. You should use : to seperate the role name with mode.");
324
324
  }
325
325
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "hola-server",
3
- "version": "1.0.8",
3
+ "version": "1.0.9",
4
4
  "description": "a meta programming framework used to build nodejs restful api",
5
5
  "main": "index.js",
6
6
  "scripts": {
package/router/delete.js CHANGED
@@ -1,7 +1,7 @@
1
1
  const { required_post_params } = require('../http/params');
2
2
  const { has_value } = require('../core/validate');
3
3
  const { NO_PARAMS, NO_RIGHTS } = require('../http/code');
4
- const { check_user_role } = require('../core/role');
4
+ const { get_user_role_right } = require('../core/role');
5
5
  const { is_owner } = require('../http/session');
6
6
  const { oid_query } = require('../db/db');
7
7
  const { wrap_http } = require('../http/error');
@@ -16,7 +16,8 @@ const init_delete_router = function (router, meta) {
16
16
  const entity = new Entity(meta);
17
17
 
18
18
  router.post('/delete', wrap_http(async function (req, res) {
19
- const has_right = check_user_role(req, meta, "d", "*");
19
+ const [role_mode, role_view] = get_user_role_right(req, meta);
20
+ const has_right = role_mode.includes("d");
20
21
  if (!has_right) {
21
22
  res.json({ code: NO_RIGHTS, err: "no rights error" });
22
23
  return;
package/router/read.js CHANGED
@@ -1,7 +1,7 @@
1
1
  const { required_post_params, get_params } = require('../http/params');
2
2
  const { has_value } = require('../core/validate');
3
3
  const { NO_PARAMS, SUCCESS, NO_RIGHTS } = require('../http/code');
4
- const { check_user_role, get_user_role_right } = require('../core/role');
4
+ const { get_user_role_right } = require('../core/role');
5
5
  const { get_session_userid, get_session_user_groups, is_owner } = require('../http/session');
6
6
  const { wrap_http } = require('../http/error');
7
7
  const { oid_query } = require('../db/db');
@@ -48,18 +48,20 @@ const init_read_router = function (router, meta) {
48
48
  }));
49
49
 
50
50
  router.get('/mode', wrap_http(async function (req, res) {
51
- const has_right = check_user_role(req, meta, "r", "*");
51
+ const [role_mode, role_view] = get_user_role_right(req, meta);
52
+ const has_right = role_mode.includes("r");
53
+
52
54
  if (!has_right) {
53
55
  res.json({ code: NO_RIGHTS, err: "no rights error" });
54
56
  return;
55
57
  }
56
58
 
57
- const [mode, view] = get_user_role_right(req, meta);
58
- res.json({ code: SUCCESS, mode: mode, view: view });
59
+ res.json({ code: SUCCESS, mode: role_mode, view: role_view });
59
60
  }));
60
61
 
61
62
  router.get('/ref', wrap_http(async function (req, res) {
62
- const has_right = check_user_role(req, meta, "r");
63
+ const [role_mode, role_view] = get_user_role_right(req, meta);
64
+ const has_right = role_mode.includes("r");
63
65
  if (!has_right) {
64
66
  res.json({ code: NO_RIGHTS, err: "no rights error" });
65
67
  return;