flag to return of not soft denied entities

rjrodger · Jan 23, 2015 · 453ddb0 · 453ddb0
1 parent 1ebceef
commit 453ddb0
Showing 1 changed file with 12 additions and 17 deletions.
diff --git a/lib/ACLMicroservicesBuilder.js b/lib/ACLMicroservicesBuilder.js
@@ -50,7 +50,6 @@ function ACLMicroservicesBuilder(seneca) {
   this._executeListPermissionsWrapper = function(args, callback) {
 
     if(args.perm$) {
-
       debug(JSON.stringify(args))
       self._executeListPermissions(args, callback)
 
@@ -117,7 +116,7 @@ ACLMicroservicesBuilder.prototype._executeRemovePermissions = function(args, cal
 
   if(args.q.id) {
 
-    this.ACLMicroservicesBuilder._loadAndAuthorize(entityDef, args.q.id, args.cmd, roles, context, function(err, dbEntity) {
+    this.ACLMicroservicesBuilder._loadAndAuthorize(entityDef, args.q.id, args.cmd, roles, context, args.showSoftDenied$, function(err, dbEntity) {
 
       if(err) {
 
@@ -161,7 +160,7 @@ ACLMicroservicesBuilder.prototype._executeReadPermissions = function(args, callb
     } else {
       // console.log('ENTITY', entity)
       // console.log('CONTEXT', context)
-      self._deepAuthorize(entityDef, entity, args.cmd, args.cmd, roles, context, true, function(err, entity) {
+      self._deepAuthorize(entityDef, entity, args.cmd, args.cmd, roles, context, true, args.showSoftDenied$, function(err, entity) {
         callback(err, entity)
       })
 
@@ -209,7 +208,7 @@ ACLMicroservicesBuilder.prototype._executeListPermissions = function(args, callb
       }
 
       for(var i = 0 ; i < entities.length ; i++) {
-        self._deepAuthorize(entityDef, entities[i], args.cmd, args.cmd, roles, context, true, processAuthResultForEntity)
+        self._deepAuthorize(entityDef, entities[i], args.cmd, args.cmd, roles, context, true, args.showSoftDenied$, processAuthResultForEntity)
       }
 
     } else {
@@ -230,7 +229,7 @@ ACLMicroservicesBuilder.prototype._executeSavePermissions = function(args, callb
 
   if(args.ent.id) { // update
 
-    self.ACLMicroservicesBuilder._loadAndAuthorize(entityDef, args.ent.id, args.cmd, roles, context, function(err, dbEntity) {
+    self.ACLMicroservicesBuilder._loadAndAuthorize(entityDef, args.ent.id, args.cmd, roles, context, args.showSoftDenied$, function(err, dbEntity) {
 
       if(err) {
 
@@ -239,7 +238,7 @@ ACLMicroservicesBuilder.prototype._executeSavePermissions = function(args, callb
       } else {
 
         // also execute permission checks on the new attributes
-        self.ACLMicroservicesBuilder._deepAuthorize(entityDef, args.ent, args.cmd, 'save_new', roles, context, true, function(err, filteredEntity) {
+        self.ACLMicroservicesBuilder._deepAuthorize(entityDef, args.ent, args.cmd, 'save_new', roles, context, true, args.showSoftDenied$, function(err, filteredEntity) {
 
           if(err) {
 
@@ -270,7 +269,7 @@ ACLMicroservicesBuilder.prototype._executeSavePermissions = function(args, callb
 
   } else { // create
 
-    self.ACLMicroservicesBuilder._deepAuthorize(entityDef, args.ent, args.cmd, 'save_new', roles, context, true, function(err, filteredEntity) {
+    self.ACLMicroservicesBuilder._deepAuthorize(entityDef, args.ent, args.cmd, 'save_new', roles, context, true, args.showSoftDenied$, function(err, filteredEntity) {
 
       if(err) {
         callback(err, undefined)
@@ -294,7 +293,7 @@ ACLMicroservicesBuilder.prototype._executeSavePermissions = function(args, callb
 
 }
 
-ACLMicroservicesBuilder.prototype._loadAndAuthorize = function(entityDef, entityId, action, roles, context, callback) {
+ACLMicroservicesBuilder.prototype._loadAndAuthorize = function(entityDef, entityId, action, roles, context, showSoftDenied, callback) {
 
   var self = this
 
@@ -311,7 +310,7 @@ ACLMicroservicesBuilder.prototype._loadAndAuthorize = function(entityDef, entity
       ruleAction = action
     }
 
-    self._deepAuthorize(entityDef, dbEntity, action, ruleAction, roles, context, false, function(err, entity) {
+    self._deepAuthorize(entityDef, dbEntity, action, ruleAction, roles, context, false, showSoftDenied, function(err, entity) {
       callback(err, err ? undefined : dbEntity)
     })
   })
@@ -335,7 +334,7 @@ ACLMicroservicesBuilder.prototype._filter = function(entityDef, entity, action,
   }
 }
 
-ACLMicroservicesBuilder.prototype._deepAuthorize = function(entityDef, entity, action, ruleAction, roles, context, applyFilters, callback) {
+ACLMicroservicesBuilder.prototype._deepAuthorize = function(entityDef, entity, action, ruleAction, roles, context, applyFilters, showSoftDenied, callback) {
   var self = this
 
   var aclProcedure = AccessControlProcedure.getProcedureForEntity(self._ACLProcedureResolver, entityDef, action)
@@ -362,11 +361,11 @@ ACLMicroservicesBuilder.prototype._deepAuthorize = function(entityDef, entity, a
         if(applyFilters) {
           aclProcedure.applyFilters(authDecision.filters, entity, action)
         }
-
+        
         if(inheritDetails) {
 
           // TODO: log
-          self._loadAndAuthorize(inheritDetails.entity, inheritDetails.id, action, roles, context, function(err, inheritedEntity) {
+          self._loadAndAuthorize(inheritDetails.entity, inheritDetails.id, action, roles, context, showSoftDenied, function(err, inheritedEntity) {
 
             if(err) {
               callback(err, undefined)
@@ -380,14 +379,10 @@ ACLMicroservicesBuilder.prototype._deepAuthorize = function(entityDef, entity, a
           //TODO: log auth granted
           callback(undefined, entity)
 
-        } else if(!authDecision.authorize && !authDecision.hard && action === 'list') {
+        } else if(!authDecision.authorize && !authDecision.hard && showSoftDenied) {
           entity = removeEntityFields(allowedFields, entity)
           callback(undefined, entity)
-
-        } else if(!authDecision.authorize && authDecision.hard && action === 'list') {
-          callback(error(self._seneca, authDecision), undefined)
         } else {
-
           // TODO: log
           callback(error(self._seneca, authDecision), undefined)
         }