From c9c441c01bb7926df8ec8fd59a23f814487e75af Mon Sep 17 00:00:00 2001
From: Andris Reinman
Date: Fri, 12 Oct 2018 15:38:00 +0300
Subject: [PATCH] updated api listing role
---
 config/roles.json | 24 ++++++++++++++++++++++++
 lib/api/addresses.js | 16 +++++++++++++++-
 lib/api/users.js | 15 +++++++++++++--
 3 files changed, 52 insertions(+), 3 deletions(-)
diff --git a/config/roles.json b/config/roles.json
index 2efc92d7..6b342be1 100644
--- a/config/roles.json
+++ b/config/roles.json
@@ -1,5 +1,9 @@
 {
 "root": {
+ "addresslisting": {
+ "read:any": ["*"]
+ },
+
 "addresses": {
 "create:any": ["*"],
 "read:any": ["*"],
@@ -12,6 +16,10 @@
 "read:any": ["*"]
 },
+ "userlisting": {
+ "read:any": ["*", "!audit"]
+ },
+
 "users": {
 "create:any": ["*", "!audit"],
 "read:any": ["*", "!audit"],
@@ -69,6 +77,10 @@
 },
 "manager": {
+ "addresslisting": {
+ "read:any": ["*"]
+ },
+
 "addresses": {
 "create:any": ["*"],
 "read:any": ["*"],
@@ -81,6 +93,10 @@
 "read:any": ["*"]
 },
+ "userlisting": {
+ "read:any": ["*", "!audit"]
+ },
+
 "users": {
 "create:any": ["*", "!audit"],
 "read:any": ["*", "!audit"],
@@ -177,6 +193,10 @@
 },
 "user": {
+ "addresslisting": {
+ "read:own": ["*"]
+ },
+
 "addresses": {
 "create:own": ["*"],
 "read:own": ["*"],
@@ -188,6 +208,10 @@
 "read:own": ["*"]
 },
+ "userlisting": {
+ "read:own": ["*", "!audit"]
+ },
+
 "users": {
 "read:own": ["*", "!audit"],
 "update:own": ["*", "!audit"]
diff --git a/lib/api/addresses.js b/lib/api/addresses.js
index a239faab..2a6098db 100644
--- a/lib/api/addresses.js
+++ b/lib/api/addresses.js
@@ -126,7 +126,17 @@ module.exports = (db, server) => {
 }
 // permissions check
- req.validate(roles.can(req.role).readAny('addresses'));
+ let permission;
+ let ownOnly = false;
+ permission = roles.can(req.role).readAny('addresslisting');
+ if (!permission.granted && req.user && ObjectID.isValid(req.user)) {
+ permission = roles.can(req.role).readOwn('addresslisting');
+ if (permission.granted) {
+ ownOnly = true;
+ }
+ }
+ // permissions check
+ req.validate(permission);
 let query = result.value.query;
 let limit = result.value.limit;
@@ -180,6 +190,10 @@ module.exports = (db, server) => {
 filter.tagsview = tagsview;
 }
+ if (ownOnly) {
+ filter.user = new ObjectID(req.user);
+ }
+
 let total = await db.users.collection('addresses').countDocuments(filter);
 let opts = {
diff --git a/lib/api/users.js b/lib/api/users.js
index f2698c84..10e23287 100644
--- a/lib/api/users.js
+++ b/lib/api/users.js
@@ -153,8 +153,15 @@ module.exports = (db, server, userHandler) => {
 return next();
 }
- let permission = roles.can(req.role).readAny('users');
-
+ let permission;
+ let ownOnly = false;
+ permission = roles.can(req.role).readAny('userlisting');
+ if (!permission.granted && req.user && ObjectID.isValid(req.user)) {
+ permission = roles.can(req.role).readOwn('userlisting');
+ if (permission.granted) {
+ ownOnly = true;
+ }
+ }
 // permissions check
 req.validate(permission);
@@ -220,6 +227,10 @@ module.exports = (db, server, userHandler) => {
 filter.tagsview = tagsview;
 }
+ if (ownOnly) {
+ filter._id = new ObjectID(req.user);
+ }
+
 let total = await db.users.collection('users').countDocuments(filter);
 let opts = {
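Review bot: The readAny-then-readOwn fallback added at `let permission;` in the first addresses.js hunk is duplicated verbatim in the users.js hunk at `@@ -153,8 +153,15 @@`, differing only in the resource name, and the addresses.js hunk also ends up with two `// permissions check` comments and a `let permission;` that is assigned by the very next statement. Because the own-scope fallback is the access-control decision for both listings, it should have a single implementation that returns `{ permission, ownOnly }` so the two endpoints cannot drift apart. Where such a helper would live is not visible here; it needs only the `roles` and `ObjectID` bindings the hunk already uses. The route handler that contains this code begins and ends outside the hunk.
```javascript
// Resolve the listing grant for req: any-scope first, own-scope as the
// fallback. ownOnly tells the caller to restrict the query to req.user.
function resolveListingPermission(req, resource) {
    let permission = roles.can(req.role).readAny(resource);
    if (permission.granted || !req.user || !ObjectID.isValid(req.user)) {
        return { permission, ownOnly: false };
    }
    permission = roles.can(req.role).readOwn(resource);
    return { permission, ownOnly: permission.granted };
}

// … unchanged: handler body up to the permissions check …
            // permissions check
            let { permission, ownOnly } = resolveListingPermission(req, 'addresslisting');
            req.validate(permission);
```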
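Review bot: The own-scope restriction `filter.user = new ObjectID(req.user);` in the second addresses.js hunk (and `filter._id = new ObjectID(req.user);` in the second users.js hunk at `@@ -220,6 +227,10 @@`) is only authoritative because it is assigned after the filter has been populated from the request in the lines above (the hunk shows `filter.tagsview` being set there), and nothing marks that ordering as deliberate. It is worth pinning with a comment so a later edit does not move request-derived fields below it: `// own-scope restriction must come last so request-derived filter fields cannot widen it`. Whether any request parameter can currently set `filter.user` or `filter._id` is not visible in the hunk; the comment guards the invariant either way. The enclosing handler starts and ends outside the hunk.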