diff --git a/server/boot/access-control.js b/server/boot/access-control.js index f85a2e18a6ddef4947368f53600873411d190d89..6abef2d37211bb47dfcae6ae48264e5d414b3a49 100644 --- a/server/boot/access-control.js +++ b/server/boot/access-control.js @@ -19,8 +19,7 @@ module.exports = function(app) { process.nextTick(function() { cb(null, false); }); - } - + } switch (context.modelName){ case 'end_user': @@ -33,35 +32,14 @@ module.exports = function(app) { return reject(); } - // // if the target model is not project - // if (context.modelName !== 'project') { - // return reject(); - // } - - // do not allow anonymous users var userId = context.accessToken.userId; if (!userId) { return reject(); } - else{ - console.log("USER ID ::",userId) - } - - console.log("ROLE ::", role) - - console.log("CONTEXT MODEL ::", context.model) - console.log("CONTEXT ID ::", context.id) - // check if userId is in team table for the given project id context.model.findById(userId, function(err, model) { app.models.EndUser.findById(userId, function(err2, user){ - console.log("ERR ::", err) - console.log("ERR 2::", err2) - console.log("MODEL ::", model) - - console.log("ENDUSER MODEL", user) - if (err || err2 || !user || !model) return reject(); if(user.permission !== role) 
@@ -74,51 +52,38 @@ module.exports = function(app) { Role.registerResolver('user', function(role, context, cb) { - function reject() { - process.nextTick(function() { - cb(null, false); - }); - } - - switch (context.modelName){ - case 'end_user': - break; - case 'geolocation': - break; - case 'category': - break; - default: - return reject(); - } + function reject() { + process.nextTick(function() { + cb(null, false); + }); + } - // // if the target model is not project - // if (context.modelName !== 'project') { - // return reject(); - // } + switch (context.modelName){ + case 'end_user': + break; + case 'geolocation': + break; + case 'category': + break; + default: + return reject(); + } - // do not allow anonymous users var userId = context.accessToken.userId; if (!userId) { - return reject(); + return reject(); } + + context.model.findById(userId, function(err, model) { - // check if userId is in team table for the given project id - context.model.findById(context.modelId, function(err, model) { - if (err || !model) - return reject(); - - var EndUser = app.models.EndUser; - EndUser.count({ - ownerId: model.ownerId, - memberId: userId - }, function(err, count) { - if (err) { - console.log(err); - return cb(null, false); - } - - cb(null, count > 0); // true = is a team member - }); + app.models.EndUser.findById(userId, function(err2, user){ + if (err || err2 || !user || !model) + return reject(); + if(user.permission !== role) + return reject(); + else + return cb(null,true) + }) }); }); }; \ No newline at end of file diff --git a/server/boot/hook.js b/server/boot/hook.js new file mode 100644 index 0000000000000000000000000000000000000000..35fea512f23d9aec214aab29a2b292e02e33a9f1 --- /dev/null +++ b/server/boot/hook.js 
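Review bot: The rewritten 'user' resolver never looks at the record being requested: `context.model.findById(userId, ...)` passes the caller's user id as the id of the target model, and `context.modelId` is no longer read anywhere on the new side of this hunk. For `geolocation` and `category` the decision then depends on whether a row happens to share the user's id, and once `user.permission === role` holds, access is granted without the per-record check that the removed `EndUser.count({ ownerId: model.ownerId, memberId: userId })` performed. If per-record access control is still intended, load the record with `context.model.findById(context.modelId, function(err, model) {` and compare its owner field with `userId` before `cb(null, true)`; if role-only access is intended, drop the `context.model` lookup and state that in a comment. The same lookup is visible as unchanged context in the resolver of the previous hunk. `err` and `err2` now become a silent denial, so a one-line server-side log of the error (without dumping the user or model objects) would keep datastore failures distinguishable from real denials.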
@@ -0,0 +1,11 @@ +module.exports = function(server) { + var remotes = server.remotes(); + // modify all returned values + remotes.after('**', function (ctx, next) { + ctx.result = { + result: ctx.result + }; + + next(); + }); + }; \ No newline at end of file
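Review bot: The `remotes.after('**', ...)` hook wraps unconditionally, so a remote method that returns nothing ends up with `{ result: undefined }` rather than an empty result, and every method of every model matched by `'**'` changes its response shape for existing clients. Guard the assignment, for example `if (ctx.result !== undefined) { ctx.result = { result: ctx.result }; }`, unless the envelope is meant to cover empty responses too. The comment `// modify all returned values` says what the hook does but not why; replace it with one that names the consumer that needs the `result` envelope and notes that the hook is global, so a later reader does not assume it is scoped to one model.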