80f9023020
Closes #3196 * adds `/roles/` endpoint * is given the current user as context * wraps everything in a canthis.browse.role * gets all the available roles (should "Owner" be filtered out?) * optional parameter: `permission=assign`. Gets all roles authenticated user could assign * if we're not signed in, gives a "please sign in" (standard) error * if we're signed in, but user is not in the context, gives a "there was no user in the context" error * if the user is an "Author", gives a "there are no available roles to assign" error * implemented hacky filter because when.js produces heisenbugs past 3.2.3 (when.filter not available) * added extra fixtures to `permissions.json`. Might need a migration. Caveats: * there are no tests * for some reason the setup functional test was failing for me locally
92 lines
2.9 KiB
JavaScript
92 lines
2.9 KiB
JavaScript
var _ = require('lodash'),
|
|
errors = require('../errors'),
|
|
ghostBookshelf = require('./base'),
|
|
when = require('when'),
|
|
|
|
Role,
|
|
Roles;
|
|
|
|
Role = ghostBookshelf.Model.extend({
|
|
|
|
tableName: 'roles',
|
|
|
|
users: function () {
|
|
return this.belongsToMany('User');
|
|
},
|
|
|
|
permissions: function () {
|
|
return this.belongsToMany('Permission');
|
|
}
|
|
}, {
|
|
/**
|
|
* Returns an array of keys permitted in a method's `options` hash, depending on the current method.
|
|
* @param {String} methodName The name of the method to check valid options for.
|
|
* @return {Array} Keys allowed in the `options` hash of the model's method.
|
|
*/
|
|
permittedOptions: function (methodName) {
|
|
var options = ghostBookshelf.Model.permittedOptions(),
|
|
|
|
// whitelists for the `options` hash argument on methods, by method name.
|
|
// these are the only options that can be passed to Bookshelf / Knex.
|
|
validOptions = {
|
|
findOne: ['withRelated']
|
|
};
|
|
|
|
if (validOptions[methodName]) {
|
|
options = options.concat(validOptions[methodName]);
|
|
}
|
|
|
|
return options;
|
|
},
|
|
|
|
|
|
permissable: function (roleModelOrId, context, loadedPermissions, hasUserPermission, hasAppPermission) {
|
|
var self = this,
|
|
checkAgainst = [],
|
|
origArgs;
|
|
|
|
// If we passed in an id instead of a model, get the model
|
|
// then check the permissions
|
|
if (_.isNumber(roleModelOrId) || _.isString(roleModelOrId)) {
|
|
// Grab the original args without the first one
|
|
origArgs = _.toArray(arguments).slice(1);
|
|
// Get the actual post model
|
|
return this.findOne({id: roleModelOrId, status: 'all'}).then(function (foundRoleModel) {
|
|
// Build up the original args but substitute with actual model
|
|
var newArgs = [foundRoleModel].concat(origArgs);
|
|
|
|
return self.permissable.apply(self, newArgs);
|
|
}, errors.logAndThrowError);
|
|
}
|
|
|
|
switch (loadedPermissions.user) {
|
|
case 'Owner':
|
|
case 'Administrator':
|
|
checkAgainst = ['Administrator', 'Editor', 'Author'];
|
|
break;
|
|
case 'Editor':
|
|
checkAgainst = ['Editor', 'Author'];
|
|
}
|
|
|
|
// If we have a role passed into here
|
|
if (roleModelOrId && !_.contains(checkAgainst, roleModelOrId.get('name'))) {
|
|
// Role not in the list of permissible roles
|
|
hasUserPermission = false;
|
|
}
|
|
|
|
if (hasUserPermission && hasAppPermission) {
|
|
return when.resolve();
|
|
}
|
|
return when.reject();
|
|
}
|
|
});
|
|
|
|
Roles = ghostBookshelf.Collection.extend({
|
|
model: Role
|
|
});
|
|
|
|
module.exports = {
|
|
Role: ghostBookshelf.model('Role', Role),
|
|
Roles: ghostBookshelf.collection('Roles', Roles)
|
|
};
|