updated api listing role

This commit is contained in:
Andris Reinman 2018-10-12 15:38:00 +03:00
parent b217568fe6
commit c9c441c01b
3 changed files with 52 additions and 3 deletions


@ -1,5 +1,9 @@
{ {
"root": { "root": {
"addresslisting": {
"read:any": ["*"]
},
"addresses": { "addresses": {
"create:any": ["*"], "create:any": ["*"],
"read:any": ["*"], "read:any": ["*"],
@ -12,6 +16,10 @@
"read:any": ["*"] "read:any": ["*"]
}, },
"userlisting": {
"read:any": ["*", "!audit"]
},
"users": { "users": {
"create:any": ["*", "!audit"], "create:any": ["*", "!audit"],
"read:any": ["*", "!audit"], "read:any": ["*", "!audit"],
@ -69,6 +77,10 @@
}, },
"manager": { "manager": {
"addresslisting": {
"read:any": ["*"]
},
"addresses": { "addresses": {
"create:any": ["*"], "create:any": ["*"],
"read:any": ["*"], "read:any": ["*"],
@ -81,6 +93,10 @@
"read:any": ["*"] "read:any": ["*"]
}, },
"userlisting": {
"read:any": ["*", "!audit"]
},
"users": { "users": {
"create:any": ["*", "!audit"], "create:any": ["*", "!audit"],
"read:any": ["*", "!audit"], "read:any": ["*", "!audit"],
@ -177,6 +193,10 @@
}, },
"user": { "user": {
"addresslisting": {
"read:own": ["*"]
},
"addresses": { "addresses": {
"create:own": ["*"], "create:own": ["*"],
"read:own": ["*"], "read:own": ["*"],
@ -188,6 +208,10 @@
"read:own": ["*"] "read:own": ["*"]
}, },
"userlisting": {
"read:own": ["*", "!audit"]
},
"users": { "users": {
"read:own": ["*", "!audit"], "read:own": ["*", "!audit"],
"update:own": ["*", "!audit"] "update:own": ["*", "!audit"]
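Review bot: The new `addresslisting` and `userlisting` resources are granted separately from `addresses` and `users` in every role block (root, manager, user), so a role can now be given list rights without read rights or the reverse, and the two entries have to be kept aligned by hand whenever one of them changes. The `"!audit"` attribute exclusion on the `userlisting` entries only takes effect if the listing handler applies the permission's attribute filter to the returned documents, which is not visible in this file; presumably that is done elsewhere and is worth confirming. A JSON file has nowhere for a comment, so this is best recorded in the README or wherever the role resources are documented.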


@ -126,7 +126,17 @@ module.exports = (db, server) => {
} }
// permissions check // permissions check
req.validate(roles.can(req.role).readAny('addresses')); let permission;
let ownOnly = false;
permission = roles.can(req.role).readAny('addresslisting');
if (!permission.granted && req.user && ObjectID.isValid(req.user)) {
permission = roles.can(req.role).readOwn('addresslisting');
if (permission.granted) {
ownOnly = true;
}
}
// permissions check
req.validate(permission);
let query = result.value.query; let query = result.value.query;
let limit = result.value.limit; let limit = result.value.limit;
@ -180,6 +190,10 @@ module.exports = (db, server) => {
filter.tagsview = tagsview; filter.tagsview = tagsview;
} }
if (ownOnly) {
filter.user = new ObjectID(req.user);
}
let total = await db.users.collection('addresses').countDocuments(filter); let total = await db.users.collection('addresses').countDocuments(filter);
let opts = { let opts = {
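Review bot: The permission block at the top of the hunk declares `let permission;` and assigns it on the next statement, and sets `ownOnly` through a nested `if` that only copies `permission.granted`; the same shape appears in the users.js hunk at `-153,8`. Folding the declaration and the assignment together and assigning `ownOnly = permission.granted` reads the same way and removes the nested branch, and the second `// permissions check` comment at the `req.validate(permission)` line duplicates the one above the block and could become `// fall back to an own-only listing when the role cannot list everyone's addresses`. The enclosing route handler starts and ends outside the hunk.
```javascript
// permissions check: list everything if allowed, else fall back to own-only
let permission = roles.can(req.role).readAny('addresslisting');
let ownOnly = false;
if (!permission.granted && req.user && ObjectID.isValid(req.user)) {
    permission = roles.can(req.role).readOwn('addresslisting');
    ownOnly = permission.granted;
}
req.validate(permission);
// … unchanged: query/limit parsing, filter construction, countDocuments …
```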


@ -153,8 +153,15 @@ module.exports = (db, server, userHandler) => {
return next(); return next();
} }
let permission = roles.can(req.role).readAny('users'); let permission;
let ownOnly = false;
permission = roles.can(req.role).readAny('userlisting');
if (!permission.granted && req.user && ObjectID.isValid(req.user)) {
permission = roles.can(req.role).readOwn('userlisting');
if (permission.granted) {
ownOnly = true;
}
}
// permissions check // permissions check
req.validate(permission); req.validate(permission);
@ -220,6 +227,10 @@ module.exports = (db, server, userHandler) => {
filter.tagsview = tagsview; filter.tagsview = tagsview;
} }
if (ownOnly) {
filter._id = new ObjectID(req.user);
}
let total = await db.users.collection('users').countDocuments(filter); let total = await db.users.collection('users').countDocuments(filter);
let opts = { let opts = {
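Review bot: The `filter._id = new ObjectID(req.user)` assignment in the second hunk is the only thing that stops a role with `read:own` on `userlisting` from listing every user, so its position relative to the request-derived filter fields matters: in the visible lines it comes after `filter.tagsview`, which is the right order, but the filter is built partly outside the hunk, and any later assignment to `filter._id` from request input would silently widen the result to all users. A one-line comment would make the invariant explicit for the next edit: `// own-only listing: pin the query to the caller's own document; must stay after every request-derived filter field`. The `ObjectID.isValid(req.user)` guard in the first hunk is what makes the constructor call safe here, so the two hunks depend on each other and the comment should say so. The enclosing route handler starts and ends outside the hunk.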