1 | const httpError = require('http-errors')
2 | const objectDiff = require('../utils/object-diff')
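/**
 * Base class for ACL adapters.
 *
 * The constructor normalises the query arguments into the list of items to
 * check and the list of input items, and `checkAccess()` runs the
 * adapter-specific `_checkIndividualAccess()` over every item/input pair,
 * throwing an HTTP error on the first pair that is denied.
 *
 * Subclasses must override `_checkIndividualAccess` and `allowedFields`.
 */
class ACLInterface {
  /**
   * @param {*} acl - ACL definition; stored on the instance for subclasses,
   *   not interpreted by this base class.
   * @param {Object} args - Query arguments. Reads `items`, `inputItems`,
   *   `relation` and `context` (the query context carrying the `_user`,
   *   `_opts`, `_action`, `_resource`, `_authorize`, `_class` and
   *   `_diffInputFromResource` entries).
   * @param {string} defaultAction - Action used when the context has no
   *   `_action`.
   * @throws {Error} When `acl`, `args` or `defaultAction` is missing.
   */
  constructor(acl, args, defaultAction) {
    if (!acl) throw new Error('ACLInterface: missing input `acl`')
    if (!args) throw new Error('ACLInterface: missing input `args`')
    if (!defaultAction)
      throw new Error('ACLInterface: missing input `defaultAction`')

    const { relation, context: queryContext } = args
    // Treat absent lists as empty so the `.length` checks below cannot fail
    // with a TypeError before any access decision is made.
    const queriedItems = args.items || []
    const queriedInputs = args.inputItems || []

    const {
      _user: user,
      _opts: opts,
      _action,
      _resource: resource,
      _authorize: authorize,
      _class: ModelClass,
      _diffInputFromResource: diffInputFromResource
    } = queryContext

    // SECURITY: authorization is opt-in. When the context carries no truthy
    // `_authorize`, nothing is assigned to the instance and checkAccess()
    // returns without checking anything. A query that never sets the flag is
    // therefore not access-controlled by this class.
    if (!authorize) return

    // Input for a relation is typed by the related model, otherwise by the
    // model being queried.
    const InputClass = relation ? relation.relatedModelClass : ModelClass

    let items
    if (resource) {
      // An explicitly supplied resource replaces the queried items. Plain
      // objects are converted with `skipValidation: true`, so no schema
      // validation runs at this point.
      const resourceList = Array.isArray(resource) ? resource : [resource]
      items = resourceList.map(entry =>
        entry instanceof ModelClass
          ? entry
          : ModelClass.fromJson(entry, { skipValidation: true })
      )
    } else {
      // With nothing to check against, fall back to one empty model instance
      // so that checkAccess() still evaluates the ACL at least once.
      items = queriedItems.length ? queriedItems : [new ModelClass()]
    }

    Object.assign(this, {
      acl,
      items,
      // Same fallback for the input side: one empty input instance.
      inputItems: queriedInputs.length ? queriedInputs : [new InputClass()],
      user,
      action: _action || defaultAction,
      opts,
      relation,
      authorize,
      ModelClass,
      InputClass,
      diffInputFromResource
    })
  }

  /**
   * Checks every combination of item and input item and throws on the first
   * one that `_checkIndividualAccess` rejects.
   *
   * The result of `_checkIndividualAccess` is tested for truthiness only, so
   * it must be returned synchronously: a Promise is always truthy and would
   * let every pair through.
   *
   * @returns {void}
   * @throws {Error} An `http-errors` error built from
   *   `opts.unauthenticatedErrorCode` when there is no user or the user has
   *   `opts.defaultRole`, otherwise from `opts.unauthorizedErrorCode`.
   */
  checkAccess() {
    if (!this.authorize) return

    for (const item of this.items) {
      for (const rawInput of this.inputItems) {
        let inputItem = rawInput

        if (this.diffInputFromResource) {
          // objectDiff is a project helper not shown here; presumably it
          // reduces the input to the fields that differ from the stored
          // item - confirm against ../utils/object-diff.
          inputItem = objectDiff(item, rawInput)
          if (this.opts.castDiffToModelClass)
            inputItem = this.InputClass.fromJson(inputItem, {
              skipValidation: true
            })
        }

        if (!this._checkIndividualAccess(item, inputItem)) {
          // A denied request without a user object must still surface as the
          // configured HTTP error, not as a TypeError from reading `.role`.
          const isAnonymous =
            !this.user || this.user.role === this.opts.defaultRole
          throw httpError(
            isAnonymous
              ? this.opts.unauthenticatedErrorCode
              : this.opts.unauthorizedErrorCode
          )
        }
      }
    }
  }

  /**
   * Adapter hook deciding whether the current user may perform the current
   * action on one item with one input item. Must be overridden.
   *
   * @param {Object} item - Item being accessed.
   * @param {Object} inputItem - Input (or diffed input) for that item.
   * @returns {boolean} Truthy to allow, falsy to deny (synchronously).
   * @throws {Error} Always, in this base class.
   */
  _checkIndividualAccess(item, inputItem) {
    throw new Error('Override this method before use!')
  }

  /**
   * Adapter hook exposing the fields the current user may access. Must be
   * overridden; the return shape is defined by the subclass.
   *
   * @throws {Error} Always, in this base class.
   */
  get allowedFields() {
    throw new Error('Override this method before use!')
  }
}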
101 | module.exports = ACLInterface