Start to make ACL to work

6566b819 · Henrique Varella Ehrenfried · 20e521f4 · 6566b819 · 6566b819 · 6566b819
Commit 6566b819 authored 7 years ago by Henrique Varella Ehrenfried
--- a/common/models/category.json
+++ b/common/models/category.json
@@ -27,6 +27,31 @@
      "foreignKey": "id"
    }
  },
-  "acls": [],
+  "acls": [
+    {
+      "accessType": "*",
+      "principalType": "ROLE",
+      "principalId": "$everyone",
+      "permission": "DENY"
+    },
+    {
+      "accessType": "READ",
+      "principalType": "ROLE",
+      "principalId": "$everyone",
+      "permission": "ALLOW"
+    },
+    {
+      "accessType": "*",
+      "principalType": "ROLE",
+      "principalId": "admin",
+      "permission": "ALLOW"
+    },
+    {
+      "accessType": "count",
+      "principalType": "ROLE",
+      "principalId": "$authenticated",
+      "permission": "ALLOW"
+    }
+  ],
  "methods": {}
 }
--- a/common/models/end_user.json
+++ b/common/models/end_user.json
@@ -36,6 +36,31 @@
      "foreignKey": "id"
    }
  },
-  "acls": [],
+  "acls": [
+    {
+      "accessType": "*",
+      "principalType": "ROLE",
+      "principalId": "$everyone",
+      "permission": "DENY"
+    },
+    {
+      "accessType": "READ",
+      "principalType": "ROLE",
+      "principalId": "$owner",
+      "permission": "ALLOW"
+    },
+    {
+      "accessType": "EXECUTE",
+      "principalType": "ROLE",
+      "principalId": "$owner",
+      "permission": "ALLOW"
+    },
+    {
+      "accessType": "*",
+      "principalType": "ROLE",
+      "principalId": "admin",
+      "permission": "ALLOW"
+    }
+  ],
  "methods": {}
 }
--- a/common/models/geolocation.json
+++ b/common/models/geolocation.json
@@ -17,17 +17,17 @@
    },
    "latitude": {
      "type": "number",
+      "required": true,
      "postgresql": {
        "dataType": "float"
-      },
+      }
-      "required": true
    },
    "longitude": {
      "type": "number",
+      "required": true,
      "postgresql": {
        "dataType": "float"
-      },
+      }
-      "required": true
    },
    "android_id": {
      "type": "string"
@@ -56,6 +56,31 @@
      "foreignKey": "id"
    }
  },
-  "acls": [],
+  "acls": [
+    {
+      "accessType": "*",
+      "principalType": "ROLE",
+      "principalId": "$everyone",
+      "permission": "DENY"
+    },
+    {
+      "accessType": "WRITE",
+      "principalType": "ROLE",
+      "principalId": "$everyone",
+      "permission": "ALLOW"
+    },
+    {
+      "accessType": "READ",
+      "principalType": "ROLE",
+      "principalId": "$everyone",
+      "permission": "ALLOW"
+    },
+    {
+      "accessType": "*",
+      "principalType": "ROLE",
+      "principalId": "admin",
+      "permission": "ALLOW"
+    }
+  ],
  "methods": {}
 }
--- a/package.json
+++ b/package.json
--- a/server/boot/access-control.js
+++ b/server/boot/access-control.js
@@ -43,24 +43,32 @@ module.exports = function(app) {
        if (!userId) {
          return reject();
        }
+        else{
+            console.log("USER ID ::",userId)
+        }
+        console.log("ROLE ::", role)
+        console.log("CONTEXT MODEL ::", context.model)
+        console.log("CONTEXT ID ::", context.id)
        // check if userId is in team table for the given project id
-        context.model.findById(context.modelId, function(err, model) {
+        context.model.findById(userId, function(err, model) {
-            if (err || !model)
-                return reject();
-            var EndUser = app.models.EndUser;
+            app.models.EndUser.findById(userId, function(err2, user){
-            EndUser.count({
+                console.log("ERR ::", err)
-                ownerId: model.ownerId,
+                console.log("ERR 2::", err2)
-                memberId: userId
+                console.log("MODEL ::", model)
-            }, function(err, count) {
-                if (err) {
-                    console.log(err);
-                    return cb(null, false);
-                }
-                cb(null, count > 0); // true = is a team member
+                console.log("ENDUSER MODEL", user)
-            });
+                if (err || err2 || !user || !model)
+                    return reject();
+                if(user.permission !== role)
+                    return reject();
+                else 
+                    return cb(null,true)
+            })            
        });
    });

--- a/server/boot/authentication.js
+++ b/server/boot/authentication.js
@@ -2,5 +2,5 @@
 module.exports = function enableAuthentication(server) {
  // enable authentication
-  // server.enableAuth();
+  server.enableAuth();
 };