
Commit

Merge pull request #3 from kozzztya/default-allow-options
Add default options for 'owner' rule
kostia-official committed May 9, 2017
2 parents 3fa43e4 + eb82143 commit 8b3b784
Showing 6 changed files with 52 additions and 9 deletions.
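--- a/README.md
+++ b/README.md
@@ -80,11 +80,17 @@ app.configure(acl(config, { mongooseConnection: db }));
 Then in config declare:
 
 ```
-allow: { owner: { where: { _id: '{params.id}', model: 'posts', ownerField: 'author' } } }
+allow: {
+owner: {
+where: { _id: '{params.id}' },
+model: 'posts',
+ownerField: 'author'
+}
+}
 ```
 
-`where` - how to find needed document. Set in {} path to needed values in `req` object.
-`model` - mongoose model.
+`where` - how to find needed document. Set in {} path to needed values in `req` object. Default is `{ _id: '{params.id}' }`.
+`model` - mongoose model. By default can be got from route url. For example `posts` on `/posts`.
 `ownerField` - where you store user id?
 
 It gets user's id from `req.payload.userId`.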
2 changes: 1 addition & 1 deletion package.json
@@ -1,6 +1,6 @@
{
"name": "feathers-acl",
"version": "0.6.0",
"version": "0.7.0",
"description": "Declarative ACL for FeathersJS and Express apps",
"main": "dist/index.js",
"scripts": {
2 changes: 1 addition & 1 deletion src/index.js
@@ -5,8 +5,8 @@ const denyNotAllowed = require('./deny-not-allowed');

module.exports = (configs, options = {}) => function () {
const app = this;

const check = ruleChecker(options);

if (options.jwt) app.use(jwtDecode(options.jwt));

_.forEach(configs, ({ url, method, allow }) => {
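--- a/src/rule-checker/rules/owner.js
+++ b/src/rule-checker/rules/owner.js
@@ -8,8 +8,9 @@ module.exports = (mongooseConnection) => (payload, allow, req) => {
 if (!mongooseConnection) return reject(httpError(500, 'No mongoose connection.'));
 
 const userId = _.get(payload, 'userId');
-const model = _.get(allow, 'owner.model');
-const where = buildWhere(_.get(allow, 'owner.where'), req);
+const model = _.get(allow, 'owner.model') || _(req.url).split('/').get('[1]');
+const whereTemplate = _.get(allow, 'owner.where') || { _id: '{params.id}' };
+const where = buildWhere(whereTemplate, req);
 const ownerField = _.get(allow, 'owner.ownerField');
 
 if (!userId) return reject(httpError(403, 'No user id.'));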
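Review bot: The new fallback `_(req.url).split('/').get('[1]')` lets the request URL pick the model for the ownership lookup, and in Express `req.url` still carries the query string and is relative to wherever the middleware is mounted, so `/posts?x=1` gives `posts?x=1` and a prefixed route such as `/api/posts/1` gives `api`. An access-control rule is safer taking the model from the rule's configured `url` pattern than from the live request; at minimum, split the path only and refuse names not registered on the connection, e.g. `if (!_.includes(mongooseConnection.modelNames(), model)) return reject(httpError(500, 'Unknown model.'));`. How an unresolved model is handled lies outside this hunk (the function body starts and ends beyond it), so confirm that path rejects rather than resolves.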
2 changes: 1 addition & 1 deletion test/integration/rules.test.js
@@ -6,7 +6,7 @@ const config = [{
}, {
url: '/posts/:id', method: 'GET',
allow: {
owner: { where: { _id: '{params.id}' }, model: 'posts', ownerField: 'userId' },
owner: { where: { _id: '{params.id}' }, ownerField: 'userId' },
roles: ['admin']
}
}];
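--- a/test/unit/owner.test.js
+++ b/test/unit/owner.test.js
@@ -10,7 +10,7 @@ const schema = new mongoose.Schema({ userId: Number, usersIds: [Number] });
 const Post = db.model('posts', schema);
 const fn = ownerRule(db);
 
-test('should be resolved for owner', async (t) => {
+test('should be resolved for owner with all options', async (t) => {
 const userId = 1;
 const post = await Post.create({ userId });
 const payload = { userId };
@@ -21,6 +21,28 @@ test('should be resolved for owner', async (t) => {
 t.truthy(res);
 });
 
+test('should be resolved for owner with model from url', async (t) => {
+const userId = 1;
+const post = await Post.create({ userId });
+const payload = { userId };
+const req = { params: { id: post._id }, url: '/posts' };
+const allow = { owner: { where: { _id: '{params.id}' }, ownerField: 'userId' } };
+
+const res = await fn(payload, allow, req);
+t.truthy(res);
+});
+
+test('should be resolved for owner with default where', async (t) => {
+const userId = 1;
+const post = await Post.create({ userId });
+const payload = { userId };
+const req = { params: { id: post._id } };
+const allow = { owner: { ownerField: 'userId', model: 'posts' } };
+
+const res = await fn(payload, allow, req);
+t.truthy(res);
+});
+
 test('should be resolved for one of many owners', async (t) => {
 const userId = 1;
 const post = await Post.create({ usersIds: [userId, 2, 3] });
@@ -94,6 +116,20 @@ test('should be 500 for wrong where', async (t) => {
 }
 });
 
+test('should be error for wrong model', async (t) => {
+const post = await Post.create({ userId: 1 });
+const req = { params: { id: post._id } };
+const payload = { userId: 2 };
+const allow = { owner: { where: { _id: '{params.id}' }, ownerField: 'userId' } };
+
+try {
+const res = await fn(payload, allow, req);
+t.falsy(res);
+} catch (err) {
+t.truthy(err);
+}
+});
+
 test('should be 500 if no mongoose connection', async (t) => {
 const userId = 1;
 const post = await Post.create({ usersIds: [userId, 2, 3] });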
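Review bot: The added test 'should be error for wrong model' passes for any outcome except a truthy resolve: `t.falsy(res)` in the `try` and `t.truthy(err)` in the `catch` accept both branches, and because the payload's `userId: 2` does not own the post, an ordinary ownership denial satisfies it as well. With no `url` on `req` and no `model` in `allow.owner`, this is the only visible coverage of the unresolved-model path, so it should pin a rejection: use the owner's id in the payload, replace `t.falsy(res)` with `t.fail('expected rejection for unresolved model');`, and assert the expected status on `err` in the `catch`. The two new positive tests would also be stronger with a non-owner counterpart for the URL-derived model and for the default `where`.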
