@trigo/atrix-acl

Package Overview
Dependencies
Maintainers
3
Versions
80
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@trigo/atrix-acl - npm Package Compare versions

Comparing version
3.4.4
to
3.4.5
+3
-4
lib/acl/adapters/memory.js
'use strict';
const RouteParser = require('route-parser');
const { head } = require('ramda');
let aclRules = [];
const roleFilter = (rule, role) => (rule.role && rule.role === '*') || (rule.role && role && rule.role === role);

@@ -20,8 +20,7 @@ const userIdFilter = (rule, userId) => rule.userId && userId && rule.userId === userId;

role, path, method, userId, tenant, transition,
}) => aclRules
}) => head(aclRules
.filter(r => roleFilter(r, role) || userIdFilter(r, userId))
.filter(r => tenantFilter(r, tenant))
.filter(r => pathFilter(r, path) || transitionFilter(r, transition))
.filter(r => r.method === '*' || r.method === method || r.method.indexOf(method) >= 0)
.length,
.filter(r => r.method === '*' || r.method === method || r.method.indexOf(method) >= 0)),

@@ -28,0 +27,0 @@ setRules: (rules) => {
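Review bot: `access` now returns `head(...)` of the filtered rules, so callers receive the stored rule object itself, or `undefined` when nothing matches, where the old code returned a match count; the new line `}) => head(aclRules` hands out a live reference into `aclRules`, and a caller that mutates the returned rule changes the rule set for every later request. The contract should be stated above the definition, e.g. `/** @returns {object|undefined} first rule matching the request, or undefined when none does; the object is the stored rule itself, treat it as read-only */`. If callers cannot be trusted to leave it alone, return a copy such as `Object.assign({}, rule)` instead. The `access` definition and the adapter object it belongs to begin before this hunk.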

@@ -15,3 +15,2 @@ 'use strict';

filterPayloadDefinition: Joi.string().description('path to filter payload definitions file'),
entityACLsDefinition: Joi.string().description('path to the entity ACLs definitions file'),
allowInject: Joi.boolean().default(true).description('wheter to allow inject calls'),

@@ -21,2 +20,3 @@ tokenResourceAccessRoleKey: Joi.string().default('pathfinder-app').description('name of the default token ressource_access.<key> to get list of user roles'),

endpoints: Joi.array().items(Joi.string()).default([]).description('List of endpoint to apply ACLs on'),
entityACLsDefinition: Joi.string().description('path to the entity ACLs definitions file'),
entityACLServiceUrl: Joi.string().allow(null, '').description('the URL to ftech the entityACLs from. must provide the endpoint GET /acls/{serviceName}'),

@@ -23,0 +23,0 @@ aclFetchInterval: Joi.number().integer().default(3000).description('Number of miliseconds to wait between entityACL refresh calls'),

@@ -5,3 +5,3 @@ 'use strict';

const {
uniq,
uniq, pick,
} = require('ramda');

@@ -18,4 +18,4 @@

});
req.log.debug('Attached ACL auth', req.auth);
req.log.debug('Attached ACL auth', pick(['roles', 'effectiveRoles', 'tenantIds', 'userId', 'entityACL'], req.auth));
return next.continue();
};
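Review bot: The projection `pick(['roles', 'effectiveRoles', 'tenantIds', 'userId', 'entityACL'], req.auth)` on the new `req.log.debug` line is repeated verbatim in the route handler's grant log in the later hunk (the `atrixACL.log.debug(\`Grant access to:` line), so the two debug outputs will drift apart the first time a field is added or a sensitive one is dropped. Hoisting the key list into one shared constant, e.g. `const LOGGED_AUTH_KEYS = ['roles', 'effectiveRoles', 'tenantIds', 'userId', 'entityACL'];`, keeps the logged auth view defined in one place. If `entityACL` holds the full per-entity ACL list it may be large, so including it at debug level is a deliberate choice worth a short comment. The enclosing function begins before this hunk.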

@@ -6,2 +6,3 @@ 'use strict';

const bypassACLs = require('../lib/bypass-acls');
const { pick } = require('ramda');

@@ -30,5 +31,11 @@

const allowed = roles.some(({ tenant, role }) => atrixACL.ACL.access({
userId, tenant, role, method, route, path,
}));
const allowed = roles.find(({ tenant, role }) => {
const matching = atrixACL.ACL.access({
userId, tenant, role, method, route, path,
});
if (matching) {
atrixACL.log.debug(`Grant access to: "${path}" in auth context: ${JSON.stringify(pick(['roles', 'effectiveRoles', 'tenantIds', 'userId', 'entityACL'], req.auth), null, 2)} due to rule: ${JSON.stringify(matching, null, 2)}`); //eslint-disable-line
}
return !!matching;
});
if (allowed) {

@@ -35,0 +42,0 @@ return next.continue();
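Review bot: `allowed` now holds the `{ tenant, role }` entry returned by `roles.find(...)` rather than the boolean `roles.some(...)` produced, yet the name and the `if (allowed)` test still read as a boolean; `const grantingRole = roles.find(...)` with `if (grantingRole)` makes the new meaning explicit. The `atrixACL.log.debug(\`Grant access to:` line also serialises the picked auth context and the matched rule with `JSON.stringify` on every grant, whether or not debug output is enabled; if `atrixACL.log` accepts the `(message, object)` form that `req.log.debug` uses in the other hunk, `atrixACL.log.debug('Grant access', { path, auth: pick([...], req.auth), rule: matching })` leaves formatting to the logger and removes the need for the `eslint-disable-line`. The enclosing handler begins before this hunk and the `if (allowed)` block continues past it.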

{
"name": "@trigo/atrix-acl",
"version": "3.4.4",
"version": "3.4.5",
"engines": {

@@ -5,0 +5,0 @@ "node": ">=7.6.0"

@@ -123,2 +123,18 @@

it('provides access to the route', async () => {
headers = merge(testHeaders, {
'x-pathfinder-tenant-ids': 'ak,voegb',
authorization: `Bearer ${generateToken({
'pathfinder-app': {
roles: ['voegb:editor'],
},
})}`,
});
atrixACL.setRules([{ role: 'admin', path: '/*_', method: '*' }]);
const res = await svc.test
.get('/prefix/events/42')
.set(headers);
expect(res.statusCode).to.equal(200);
});
describe('config route matching', () => {

@@ -125,0 +141,0 @@ it('uses first matching config route', async () => {
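Review bot: The new test `it('provides access to the route', ...)` installs a single rule requiring `role: 'admin'` while the token carries only `voegb:editor`, yet asserts a 200, and nothing in the test body says where the grant comes from; presumably a config-level route match of the kind the following `describe('config route matching')` block covers, but that is an inference. A one-line comment above `atrixACL.setRules(...)`, e.g. `// no ACL rule matches voegb:editor; 200 is expected from <grant mechanism — confirm>`, would stop the test reading as an ACL bypass to the next maintainer. The enclosing describe block begins before this hunk.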