Acl testing

server/boot/access-control.js

@@ -19,8 +19,7 @@ module.exports = function(app) {
           process.nextTick(function() {
             cb(null, false);
           });
-        }
-    
+        }   
 
         switch (context.modelName){
             case 'end_user':
@@ -33,35 +32,14 @@ module.exports = function(app) {
                 return reject();
         }
 
-        // // if the target model is not project
-        // if (context.modelName !== 'project') {
-        //   return reject();
-        // }
-    
-        // do not allow anonymous users
         var userId = context.accessToken.userId;
         if (!userId) {
           return reject();
         }
-        else{
-            console.log("USER ID ::",userId)
-        }
-    
-        console.log("ROLE ::", role)
-
-        console.log("CONTEXT MODEL ::", context.model)
-        console.log("CONTEXT ID ::", context.id)
   
-        // check if userId is in team table for the given project id
         context.model.findById(userId, function(err, model) {
 
             app.models.EndUser.findById(userId, function(err2, user){
-                console.log("ERR ::", err)
-                console.log("ERR 2::", err2)
-                console.log("MODEL ::", model)
-
-                console.log("ENDUSER MODEL", user)
-
                 if (err || err2 || !user || !model)
                     return reject();
                 if(user.permission !== role)
@@ -74,51 +52,38 @@ module.exports = function(app) {
 
 
     Role.registerResolver('user', function(role, context, cb) {
-      function reject() {
-        process.nextTick(function() {
-          cb(null, false);
-        });
-      }
-  
-      switch (context.modelName){
-        case 'end_user':
-            break;
-        case 'geolocation':
-            break;
-        case 'category':
-            break;
-        default:
-            return reject();
-        }
+        function reject() {
+          process.nextTick(function() {
+            cb(null, false);
+          });
+        }   
 
-        // // if the target model is not project
-        // if (context.modelName !== 'project') {
-        //   return reject();
-        // }
+        switch (context.modelName){
+            case 'end_user':
+                break;
+            case 'geolocation':
+                break;
+            case 'category':
+                break;
+            default:
+                return reject();
+        }
 
-        // do not allow anonymous users
         var userId = context.accessToken.userId;
         if (!userId) {
-            return reject();
+          return reject();
         }
+  
+        context.model.findById(userId, function(err, model) {
 
-        // check if userId is in team table for the given project id
-        context.model.findById(context.modelId, function(err, model) {
-            if (err || !model)
-                return reject();
-
-            var EndUser = app.models.EndUser;
-            EndUser.count({
-                ownerId: model.ownerId,
-                memberId: userId
-            }, function(err, count) {
-                if (err) {
-                    console.log(err);
-                    return cb(null, false);
-                }
-
-                cb(null, count > 0); // true = is a team member
-            });
+            app.models.EndUser.findById(userId, function(err2, user){
+                if (err || err2 || !user || !model)
+                    return reject();
+                if(user.permission !== role)
+                    return reject();
+                else 
+                    return cb(null,true)
+            })            
         });
     });
   };
\ No newline at end of file