From 453ddb07f65ffc1576217aec3cbe051c8491622f Mon Sep 17 00:00:00 2001 From: Nicolas Herment Date: Fri, 23 Jan 2015 09:45:16 +0000 Subject: [PATCH] flag to return of not soft denied entities --- lib/ACLMicroservicesBuilder.js | 29 ++++++++++++----------------- 1 file changed, 12 insertions(+), 17 deletions(-) diff --git a/lib/ACLMicroservicesBuilder.js b/lib/ACLMicroservicesBuilder.js index 210f5c1..bc5a1ee 100644 --- a/lib/ACLMicroservicesBuilder.js +++ b/lib/ACLMicroservicesBuilder.js @@ -50,7 +50,6 @@ function ACLMicroservicesBuilder(seneca) { this._executeListPermissionsWrapper = function(args, callback) { if(args.perm$) { - debug(JSON.stringify(args)) self._executeListPermissions(args, callback) @@ -117,7 +116,7 @@ ACLMicroservicesBuilder.prototype._executeRemovePermissions = function(args, cal if(args.q.id) { - this.ACLMicroservicesBuilder._loadAndAuthorize(entityDef, args.q.id, args.cmd, roles, context, function(err, dbEntity) { + this.ACLMicroservicesBuilder._loadAndAuthorize(entityDef, args.q.id, args.cmd, roles, context, args.showSoftDenied$, function(err, dbEntity) { if(err) { @@ -161,7 +160,7 @@ ACLMicroservicesBuilder.prototype._executeReadPermissions = function(args, callb } else { // console.log('ENTITY', entity) // console.log('CONTEXT', context) - self._deepAuthorize(entityDef, entity, args.cmd, args.cmd, roles, context, true, function(err, entity) { + self._deepAuthorize(entityDef, entity, args.cmd, args.cmd, roles, context, true, args.showSoftDenied$, function(err, entity) { callback(err, entity) }) @@ -209,7 +208,7 @@ ACLMicroservicesBuilder.prototype._executeListPermissions = function(args, callb } for(var i = 0 ; i < entities.length ; i++) { - self._deepAuthorize(entityDef, entities[i], args.cmd, args.cmd, roles, context, true, processAuthResultForEntity) + self._deepAuthorize(entityDef, entities[i], args.cmd, args.cmd, roles, context, true, args.showSoftDenied$, processAuthResultForEntity) } } else { 
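Review bot: In `_executeRemovePermissions`, `args.showSoftDenied$` is read straight from the message and forwarded to `_loadAndAuthorize`, which gates a delete rather than a read. Combined with the new `_deepAuthorize` branch that answers a soft denial with `callback(undefined, entity)` when the flag is truthy, a soft-denied remove would no longer return an error here. The three `_executeSavePermissions` call sites (update load, `save_new` on update, `save_new` on create) forward the flag the same way. Who can set this argument is not visible in the patch, so either do not forward it on mutating paths, e.g. `..., roles, context, false, function(err, dbEntity) {`, or document it as an option for trusted callers only and normalise it with `args.showSoftDenied$ === true`. The bodies of these functions continue outside the hunks.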
@@ -230,7 +229,7 @@ ACLMicroservicesBuilder.prototype._executeSavePermissions = function(args, callb if(args.ent.id) { // update - self.ACLMicroservicesBuilder._loadAndAuthorize(entityDef, args.ent.id, args.cmd, roles, context, function(err, dbEntity) { + self.ACLMicroservicesBuilder._loadAndAuthorize(entityDef, args.ent.id, args.cmd, roles, context, args.showSoftDenied$, function(err, dbEntity) { if(err) { @@ -239,7 +238,7 @@ ACLMicroservicesBuilder.prototype._executeSavePermissions = function(args, callb } else { // also execute permission checks on the new attributes - self.ACLMicroservicesBuilder._deepAuthorize(entityDef, args.ent, args.cmd, 'save_new', roles, context, true, function(err, filteredEntity) { + self.ACLMicroservicesBuilder._deepAuthorize(entityDef, args.ent, args.cmd, 'save_new', roles, context, true, args.showSoftDenied$, function(err, filteredEntity) { if(err) { @@ -270,7 +269,7 @@ ACLMicroservicesBuilder.prototype._executeSavePermissions = function(args, callb } else { // create - self.ACLMicroservicesBuilder._deepAuthorize(entityDef, args.ent, args.cmd, 'save_new', roles, context, true, function(err, filteredEntity) { + self.ACLMicroservicesBuilder._deepAuthorize(entityDef, args.ent, args.cmd, 'save_new', roles, context, true, args.showSoftDenied$, function(err, filteredEntity) { if(err) { callback(err, undefined) @@ -294,7 +293,7 @@ ACLMicroservicesBuilder.prototype._executeSavePermissions = function(args, callb } -ACLMicroservicesBuilder.prototype._loadAndAuthorize = function(entityDef, entityId, action, roles, context, callback) { +ACLMicroservicesBuilder.prototype._loadAndAuthorize = function(entityDef, entityId, action, roles, context, showSoftDenied, callback) { var self = this 
@@ -311,7 +310,7 @@ ACLMicroservicesBuilder.prototype._loadAndAuthorize = function(entityDef, entity ruleAction = action } - self._deepAuthorize(entityDef, dbEntity, action, ruleAction, roles, context, false, function(err, entity) { + self._deepAuthorize(entityDef, dbEntity, action, ruleAction, roles, context, false, showSoftDenied, function(err, entity) { callback(err, err ? undefined : dbEntity) }) }) @@ -335,7 +334,7 @@ ACLMicroservicesBuilder.prototype._filter = function(entityDef, entity, action, } } -ACLMicroservicesBuilder.prototype._deepAuthorize = function(entityDef, entity, action, ruleAction, roles, context, applyFilters, callback) { +ACLMicroservicesBuilder.prototype._deepAuthorize = function(entityDef, entity, action, ruleAction, roles, context, applyFilters, showSoftDenied, callback) { var self = this var aclProcedure = AccessControlProcedure.getProcedureForEntity(self._ACLProcedureResolver, entityDef, action) @@ -362,11 +361,11 @@ ACLMicroservicesBuilder.prototype._deepAuthorize = function(entityDef, entity, a if(applyFilters) { aclProcedure.applyFilters(authDecision.filters, entity, action) } - + if(inheritDetails) { // TODO: log - self._loadAndAuthorize(inheritDetails.entity, inheritDetails.id, action, roles, context, function(err, inheritedEntity) { + self._loadAndAuthorize(inheritDetails.entity, inheritDetails.id, action, roles, context, showSoftDenied, function(err, inheritedEntity) { if(err) { callback(err, undefined) 
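Review bot: `_loadAndAuthorize` discards the `entity` that `_deepAuthorize` hands back and calls `callback(err, err ? undefined : dbEntity)`, so once `showSoftDenied` is forwarded a soft-denied load looks exactly like a grant to the caller. If `removeEntityFields` returns a copy rather than mutating its argument (not visible here), the caller also receives the unstripped `dbEntity`. The save, remove and inheritance paths in this patch all treat a missing `err` from this helper as permission to continue, so the safer call is a literal `false` in the new position: `self._deepAuthorize(entityDef, dbEntity, action, ruleAction, roles, context, false, false, function(err, entity) {`. The function starts and ends outside the hunk.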
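Review bot: `_deepAuthorize` now takes nine positional parameters with two adjacent flags (`applyFilters, showSoftDenied`) directly before `callback`, and nothing documents what the new flag does. A caller that was not updated would pass its callback in the `showSoftDenied` slot, where a function is truthy, so the mistake would enable the lenient path rather than fail visibly. I would add a comment above the signature such as `// showSoftDenied: when true, a soft denial returns the entity stripped to its allowed fields instead of an error`, and consider a guard like `if(typeof callback !== 'function') throw new Error('callback required')` at the top of the body. The function body continues outside the hunk.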
@@ -380,14 +379,10 @@ ACLMicroservicesBuilder.prototype._deepAuthorize = function(entityDef, entity, a //TODO: log auth granted callback(undefined, entity) - } else if(!authDecision.authorize && !authDecision.hard && action === 'list') { + } else if(!authDecision.authorize && !authDecision.hard && showSoftDenied) { entity = removeEntityFields(allowedFields, entity) callback(undefined, entity) - - } else if(!authDecision.authorize && authDecision.hard && action === 'list') { - callback(error(self._seneca, authDecision), undefined) } else { - // TODO: log callback(error(self._seneca, authDecision), undefined) }
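Review bot: Dropping `action === 'list'` from the soft-deny condition has two effects that the commit message does not mention. List callers that omit `showSoftDenied$` now fall through to the final `else` and get an error where they used to get the field-stripped entity. With the flag set, the lenient branch applies to every action that reaches `_deepAuthorize`, including save and remove. Any truthy value enables it because the flag is tested by truthiness, so I would compare strictly and keep the branch to read-type commands, e.g. `} else if(!authDecision.authorize && !authDecision.hard && showSoftDenied === true && (action === 'list' || action === 'load')) {` (assuming the read command is `load`; confirm against the callers). Removing the separate hard-deny `list` branch is fine since it did the same as the final `else`.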