sails-permissions - npm Package Compare versions

Comparing version 1.1.3 to 1.2.0

api/hooks/sails-permissions.js

@@ -85,5 +85,2 @@ var permissionPolicies = [
     })
-    .then(function (permissions) {
-      return null;
-    })
     .catch(function (error) {
@@ -90,0 +87,0 @@ sails.log.error(error);

api/models/Permission.js

@@ -46,3 +46,4 @@ /**
         'role',
-        'owner'
+        'owner',
+        'user'
       ],
@@ -59,7 +60,17 @@ defaultsTo: 'role',
       model: 'Role',
-      required: true
+      // Validate manually
+      //required: true
     },
 
     /**
-     * A list of criteria.  If any of the criteria match the request, the action is allowed.  
+     * The User to which this Permission grants create, read, update, and/or
+     * delete privileges.
+     */
+    user: {
+      model: 'User'
+      // Validate manually
+    },
+
+    /**
+     * A list of criteria.  If any of the criteria match the request, the action is allowed.
      * If no criteria are specified, it is ignored altogether.
@@ -71,3 +82,2 @@ */
     }
-
   },
@@ -85,2 +95,11 @@
       }
+
+      if (permission.relation == 'user' && permission.user == "") {
+        next(new Error('A Permission with relation user MUST have the user attribute set'));
+      }
+
+      if (permission.relation == 'role' && permission.role == "") {
+        next(new Error('A Permission with relation role MUST have the role attribute set'));
+      }
+
       next();
@@ -87,0 +106,0 @@ }

api/models/User.js

@@ -12,2 +12,6 @@ var _ = require('lodash');
       dominant: true
+    },
+    permissions: {
+      collection: "Permission",
+      via: "user"
     }
@@ -14,0 +18,0 @@ },

api/policies/AuditPolicy.js

@@ -16,3 +16,3 @@ var fnv = require('fnv-plus');
     model: req.options.modelIdentity,
-    user: req.user.id
+    user: (req.user || {}).id
   }).exec(_.identity);
@@ -19,0 +19,0 @@

api/policies/RolePolicy.js

@@ -29,4 +29,8 @@ /**
   PermissionService.findTargetObjects(req)
-    .then(function(objects) {
-      if (PermissionService.hasForeignObjects(objects, req.user)) {
+    .then(function (objects) {
+      this.objects = objects;
+      return PermissionService.isAllowedToPerformAction(this.objects, req.user, action, ModelService.getTargetModelName(req), req.body);
+    })
+    .then(function(canPerform) {
+      if (PermissionService.hasForeignObjects(objects, req.user) && !canPerform) {
         return res.badRequest({
@@ -33,0 +37,0 @@ error: 'Cannot perform action [' + action + '] on foreign object'

api/services/PermissionService.js

@@ -75,3 +75,6 @@ var Promise = require('bluebird');
           action: action,
-          role: _.pluck(user.roles, 'id')
+          or: [
+            {user: user.id},
+            {role: _.pluck(user.roles, 'id')}
+          ]
         }).populate('criteria');
@@ -245,3 +248,3 @@ });
    * TODO should this work with multiple roles?
-   * @param usernames {string or string array} - list of names of users 
+   * @param usernames {string or string array} - list of names of users
    * @param rolename {string} - the name of the role that the users should be added to
@@ -251,3 +254,3 @@ */
     if (_.isEmpty(usernames)) {
-       return Promise.reject(new Error('One or more usernames must be provided')); 
+       return Promise.reject(new Error('One or more usernames must be provided'));
     }
@@ -275,3 +278,3 @@
     if (_.isEmpty(usernames)) {
-       return Promise.reject(new Error('One or more usernames must be provided')); 
+       return Promise.reject(new Error('One or more usernames must be provided'));
     }
@@ -314,3 +317,50 @@
     return ok;
+  },
+
+    /**
+     * Check if the user (out of role) is granted to perform action on given objects
+     * @param objects
+     * @param user
+     * @param action
+     * @param model
+     * @param body
+     * @returns {*}
+     */
+  isAllowedToPerformAction: function (objects, user, action, model, body) {
+    if (!_.isArray(objects)) {
+      return PermissionService.isAllowedToPerformSingle(user.id, action, model, body)(objects);
+    }
+    return new Promise.map(objects, PermissionService.isAllowedToPerformSingle(user.id, action, model, body));
+  },
+
+    /**
+     * Resolve if the user have the permission to perform this action
+     * @param user
+     * @param action
+     * @param model
+     * @param body
+     * @returns {Function}
+     */
+  isAllowedToPerformSingle: function (user, action, model, body) {
+    return function (obj) {
+      return new Promise(function (resolve, reject) {
+        Model.findOne({
+          identity: model
+        }).then(function (model) {
+          return Permission.find({
+            model: model.id,
+            action: action,
+            relation: 'user',
+            user: user
+          }).populate('criteria');
+        }).then(function (permission) {
+          if (permission.length > 0 && PermissionService.hasPassingCriteria(obj, permission, body)) {
+            resolve(true);
+          } else {
+            resolve(false);
+          }
+        }).catch(reject);
+      });
+    }
   }
 };

package.json

 {
   "name": "sails-permissions",
-  "version": "1.1.3",
+  "version": "1.2.0",
   "description": "Comprehensive user permissions and entitlements system for sails.js and Waterline. Supports user authentication with passport.js, role-based permissioning, object ownership, and row-level security.",
@@ -42,5 +42,3 @@ "main": "index.js",
     "sails": ">0.10.0",
-    "sails-auth": "*",
     "sails-disk": "^0.10.7",
-    "sails-docgen": "^0.10.4",
     "supertest": "^0.15.0"
@@ -51,9 +49,8 @@ },
     "fnv-plus": "^1.2.10",
+    "lodash": "^3.10.0",
     "pluralize": "^1.0.1",
+    "sails-auth": "^1.2.6",
     "sails-generate-entities": "latest",
     "waterline-criteria": "^0.11.1"
   },
-  "peerDependencies": {
-    "lodash": ">2.4.0"
-  },
   "engines": {
@@ -60,0 +57,0 @@ "node": ">= 0.10",

README.md

@@ -12,3 +12,3 @@ # <img src="http://cdn.tjw.io/images/sails-logo.png" height='43px' />-permissions
 ```sh
-$ npm install sails-permissions --save
+$ npm install sails-permissions sails-auth --save
 ```
@@ -58,3 +58,4 @@
     'PermissionPolicy',
-    'RolePolicy'
+    'RolePolicy',
+    'CriteriaPolicy'
   ],
@@ -61,0 +62,0 @@

test/unit/controllers/PermissionController.test.js

@@ -29,13 +29,32 @@ var assert = require('assert');
         agent
-          .post('/auth/local')
+          .post("/permission")
+          .set('Authorization', adminAuth.Authorization)
           .send({
-            identifier: 'newuser1',
-            password: 'lalalal1234'
+            model: 2,
+            criteria: {
+              where: {
+                id: 1
+              }
+            },
+            action: "delete",
+            relation: "user",
+            user: 2
           })
-          .expect(200)
-          .end(function (err, res) {
+          .expect(201, function (err) {
+            if (err)
+              return done(err);
 
-            agent.saveCookies(res);
+            agent
+              .post('/auth/local')
+              .send({
+                identifier: 'newuser1',
+                password: 'lalalal1234'
+              })
+              .expect(200)
+              .end(function (err, res) {
 
-            return done(err);
+                agent.saveCookies(res);
+
+                return done(err);
+              });
           });
@@ -73,2 +92,18 @@
 
+    describe('User with Registered Role and granted to delete Permission 1', function () {
+      describe("#delete()", function () {
+        it('should be able to delete permission 1', function (done) {
+          agent
+            .delete("/permission/1")
+            .expect(200)
+            .end(function (err, res) {
+                var permissions = res.body;
+
+                assert.ifError(permissions.error);
+                done(err || permissions.error);
+            });
+        });
+      });
+    });
+
   });
@@ -75,0 +110,0 @@

test/unit/controllers/UserController.test.js

@@ -85,3 +85,3 @@ var assert = require('assert');
           })
-          .expect(500)
+          .expect(400)
           .end(function(err) {
@@ -88,0 +88,0 @@ done(err);

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

87515

increased by0.36%

Dev dependency count

7

decreased by-22.22%

Lines of code

2380

increased by4.43%

Number of lines in readme file

79

increased by1.28%

Worsened metrics

Dependency count

7

increased by16.67%

Number of package files

61

decreased by-1.61%

Dependency changes

• + Addedlodash@^3.10.0

• + Addedsails-auth@^1.2.6

• + Addedbase64url@3.0.1(transitive)

• + Addedoauth@0.10.00.9.15(transitive)

• + Addedpassport-facebook@1.0.3(transitive)

• + Addedpassport-google-oauth@0.2.0(transitive)

• + Addedpassport-oauth@1.0.0(transitive)

• + Addedpassport-oauth1@1.3.0(transitive)

• + Addedpassport-oauth2@1.8.0(transitive)

• + Addedpassport-strategy@1.0.0(transitive)

• + Addedpassport-twitter@1.0.4(transitive)

• + Addedpkginfo@0.3.1(transitive)

• + Addedsails-auth@1.3.1(transitive)

• + Addeduid2@0.0.4(transitive)

• + Addedutils-merge@1.0.1(transitive)

• + Addedxmldom@0.1.31(transitive)

• + Addedxtraverse@0.1.0(transitive)

• - Removedlodash@4.17.21(transitive)