forked from apxtri/apxtri
fix access right for create
This commit is contained in:
parent
53d8a18536
commit
2ba6787673
@ -420,7 +420,8 @@ Odmdb.search = (objectPathname, objsearch, role) => {
|
|||||||
//console.log(role);
|
//console.log(role);
|
||||||
const accessright = Odmdb.accessright(
|
const accessright = Odmdb.accessright(
|
||||||
getschema.data.schema.apxaccessrights,
|
getschema.data.schema.apxaccessrights,
|
||||||
role
|
role,
|
||||||
|
Object.keys(getschema.data.schema.properties)
|
||||||
);
|
);
|
||||||
//console.log(accessright);
|
//console.log(accessright);
|
||||||
if (objsearch.fields == "all") {
|
if (objsearch.fields == "all") {
|
||||||
@ -486,7 +487,8 @@ Odmdb.r = (objectPathname, apxid, role) => {
|
|||||||
}
|
}
|
||||||
const accessright = Odmdb.accessright(
|
const accessright = Odmdb.accessright(
|
||||||
getschema.data.schema.apxaccessrights,
|
getschema.data.schema.apxaccessrights,
|
||||||
role
|
role,
|
||||||
|
Object.keys(getschema.data.schema.properties)
|
||||||
);
|
);
|
||||||
if (!accessright.R) {
|
if (!accessright.R) {
|
||||||
return {
|
return {
|
||||||
@ -516,26 +518,24 @@ Odmdb.r = (objectPathname, apxid, role) => {
|
|||||||
* @returns access right to C create if present, to read (properties list or all if empty), to Update properties list or all if empty, D elete
|
* @returns access right to C create if present, to read (properties list or all if empty), to Update properties list or all if empty, D elete
|
||||||
* example: {"C":[],"R":[properties list],"U":[properties ist],"D":[]}
|
* example: {"C":[],"R":[properties list],"U":[properties ist],"D":[]}
|
||||||
*/
|
*/
|
||||||
Odmdb.accessright = (apxaccessrights, role) => {
|
Odmdb.accessright = (apxaccessrights, role, properties) => {
|
||||||
//if (log) console.log(currentmod,"apxaccessrights",apxaccessrights)
|
//if (log) console.log(currentmod,"apxaccessrights",apxaccessrights)
|
||||||
//if (log) console.log(currentmod,"role",role)
|
//if (log) console.log(currentmod,"role",role)
|
||||||
|
//if (log) console.log(currentmod,"properties",properties)
|
||||||
const accessright = {};
|
const accessright = {};
|
||||||
console.log();
|
console.log();
|
||||||
role.xprofils.forEach((p) => {
|
role.xprofils.forEach(p => {
|
||||||
if (apxaccessrights[p]) {
|
if (apxaccessrights[p]) {
|
||||||
Object.keys(apxaccessrights[p]).forEach((act) => {
|
Object.keys(apxaccessrights[p]).forEach(act => {
|
||||||
|
if (apxaccessrights[p][act].length===0) apxaccessrights[p][act]=properties;
|
||||||
if (!accessright[act]) {
|
if (!accessright[act]) {
|
||||||
accessright[act] = apxaccessrights[p][act];
|
accessright[act] = apxaccessrights[p][act];
|
||||||
} else {
|
} else {
|
||||||
if (accessright[act].length != 0) {
|
|
||||||
//case where [] that mean all accessright on any properties
|
|
||||||
accessright[act] = [
|
accessright[act] = [
|
||||||
...new Set([...accessright[act], ...apxaccessrights[p][act]]),
|
...new Set([...accessright[act], ...apxaccessrights[p][act]]),
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
}
|
})
|
||||||
//if (log) console.log(currentmod,act,accessright[act])
|
|
||||||
});
|
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
return accessright;
|
return accessright;
|
||||||
@ -619,14 +619,13 @@ Odmdb.cud = (objectPathname, crud, itm, role, runindex = true) => {
|
|||||||
//get accessright {C:[],R:[],U:[],D:[]} if exist means authorize, if array contain properties (for R and U) right is only allowed on properties
|
//get accessright {C:[],R:[],U:[],D:[]} if exist means authorize, if array contain properties (for R and U) right is only allowed on properties
|
||||||
const accessright = Odmdb.accessright(
|
const accessright = Odmdb.accessright(
|
||||||
getschema.data.schema.apxaccessrights,
|
getschema.data.schema.apxaccessrights,
|
||||||
role
|
role,
|
||||||
|
Object.keys(getschema.data.schema.properties)
|
||||||
);
|
);
|
||||||
|
Object.keys(accessright).forEach(act=>{
|
||||||
|
if (accessright[act].length===0) accessright[act]=Object.keys(getschema.data.schema.properties)
|
||||||
|
})
|
||||||
if (log) console.log(currentmod, "Accessright to: ", accessright);
|
if (log) console.log(currentmod, "Accessright to: ", accessright);
|
||||||
if (getschema.data.schema.apxaccessrights.contextrules) {
|
|
||||||
//Need to check context to validate accessright
|
|
||||||
//require('../../')
|
|
||||||
}
|
|
||||||
if (
|
if (
|
||||||
(crud == "C" && !accessright.C) ||
|
(crud == "C" && !accessright.C) ||
|
||||||
(crud == "D" && !accessright.D) ||
|
(crud == "D" && !accessright.D) ||
|
||||||
@ -653,7 +652,7 @@ Odmdb.cud = (objectPathname, crud, itm, role, runindex = true) => {
|
|||||||
);
|
);
|
||||||
} else {
|
} else {
|
||||||
// if Create Update erase old version
|
// if Create Update erase old version
|
||||||
let itmtostore = itm;
|
let itmtostore={};
|
||||||
if (crud == "U" && accessright.U.length > 0) {
|
if (crud == "U" && accessright.U.length > 0) {
|
||||||
itmtostore = itmold;
|
itmtostore = itmold;
|
||||||
const keynotallow = Object.keys(itm).filter(
|
const keynotallow = Object.keys(itm).filter(
|
||||||
@ -667,10 +666,20 @@ Odmdb.cud = (objectPathname, crud, itm, role, runindex = true) => {
|
|||||||
//console.log(accessright)
|
//console.log(accessright)
|
||||||
accessright.U.forEach(async (p) => {
|
accessright.U.forEach(async (p) => {
|
||||||
// check this propertie exist in the requested update itm
|
// check this propertie exist in the requested update itm
|
||||||
if (itm[p] && itm[p] != "") itmtostore[p] = itm[p];
|
if (itm[p] && itm[p] !== "") itmtostore[p] = itm[p];
|
||||||
});
|
});
|
||||||
itmtostore.dt_update = dayjs().toISOString();
|
itmtostore.dt_update = dayjs().toISOString();
|
||||||
}
|
}
|
||||||
|
if (crud == "C"){
|
||||||
|
const keynotallow = Object.keys(itm).filter(
|
||||||
|
(el) => !accessright.C.includes(el)
|
||||||
|
);
|
||||||
|
accessright.C.forEach(async (p) => {
|
||||||
|
// check this propertie exist in the requested update itm
|
||||||
|
if (itm[p] && itm[p] !== "") itmtostore[p] = itm[p];
|
||||||
|
});
|
||||||
|
itmtostore.dt_create = dayjs().toISOString();
|
||||||
|
}
|
||||||
Object.keys(itmtostore).forEach((k) => {
|
Object.keys(itmtostore).forEach((k) => {
|
||||||
// remove empty itmtostore in case they are =>
|
// remove empty itmtostore in case they are =>
|
||||||
console.log(k, itmtostore[k], itmtostore[k] === "");
|
console.log(k, itmtostore[k], itmtostore[k] === "");
|
||||||
@ -707,11 +716,10 @@ Odmdb.cud = (objectPathname, crud, itm, role, runindex = true) => {
|
|||||||
fs.writeFileSync(`${objectPathname}/${filenameimg}`, imgb64, {
|
fs.writeFileSync(`${objectPathname}/${filenameimg}`, imgb64, {
|
||||||
encoding: "base64",
|
encoding: "base64",
|
||||||
});
|
});
|
||||||
itmtostore[k] = "";
|
delete itmtostore[k];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
if (crud == "C") itmtostore.dt_create = dayjs().toISOString();
|
|
||||||
// check consistency of datatostore
|
// check consistency of datatostore
|
||||||
//console.log("itmstostore::::::", itmtostore);
|
//console.log("itmstostore::::::", itmtostore);
|
||||||
const chkdata = Checkjson.schema.data(
|
const chkdata = Checkjson.schema.data(
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user