@inspire-platform/sails-hook-permissions
Comprehensive user permissions and entitlements system for sails.js and Waterline. Supports user authentication with passport.js, role-based permissioning, object ownership, and row-level security.
/**
 * Compiler-emitted helper that attaches method descriptors to a constructor.
 *
 * Each descriptor is an object with a `key` plus either a `value` or accessor
 * functions. Descriptors are normalised in place (non-enumerable unless they
 * say otherwise, always configurable, writable when they carry a `value`) and
 * then installed with Object.defineProperty.
 *
 * @param {Function} Constructor - constructor to decorate
 * @param {Array} [protoProps] - descriptors installed on Constructor.prototype
 * @param {Array} [staticProps] - descriptors installed on Constructor itself
 * @returns {Function} the same Constructor
 */
var _createClass = (function () {
  function installDescriptors(owner, specs) {
    var index = 0;
    while (index < specs.length) {
      var spec = specs[index];
      if (!spec.enumerable) {
        spec.enumerable = false;
      }
      spec.configurable = true;
      if ('value' in spec) {
        spec.writable = true;
      }
      Object.defineProperty(owner, spec.key, spec);
      index += 1;
    }
  }

  return function (Constructor, protoProps, staticProps) {
    if (protoProps) {
      installDescriptors(Constructor.prototype, protoProps);
    }
    if (staticProps) {
      installDescriptors(Constructor, staticProps);
    }
    return Constructor;
  };
})();
/**
 * Compiler-emitted helper that gives every required module a `default`
 * property: objects flagged with `__esModule` are returned untouched, anything
 * else is wrapped as `{ default: obj }`.
 *
 * @param {*} obj - value returned by require()
 * @returns {Object} `obj` itself or a wrapper exposing it as `default`
 */
function _interopRequireDefault(obj) {
  if (obj && obj.__esModule) {
    return obj;
  }
  return { 'default': obj };
}
/**
 * Compiler-emitted guard that rejects calling a class constructor without
 * `new`.
 *
 * @param {*} instance - the `this` value seen by the constructor
 * @param {Function} Constructor - the class being constructed
 * @throws {TypeError} when `instance` is not an instance of `Constructor`
 */
function _classCallCheck(instance, Constructor) {
  var calledWithNew = instance instanceof Constructor;
  if (calledWithNew) {
    return;
  }
  throw new TypeError('Cannot call a class as a function');
}
var _path = require('path');
var _path2 = _interopRequireDefault(_path);
var _lodash = require('lodash');
var _lodash2 = _interopRequireDefault(_lodash);
// Policies that validatePolicyConfig() expects to find in the global ('*')
// policy chain of the host application.
var permissionPolicies = [
  'passport',
  'sessionAuth',
  'ModelPolicy',
  'OwnerPolicy',
  'PermissionPolicy',
  'RolePolicy'
];
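/**
 * Startup logic of the permissions hook: checks that the auth hook and the
 * required policies are configured, and seeds the Model / Role / User /
 * Permission fixtures when the stored models do not match the loaded ones.
 *
 * Every Sails access goes through `this.sails` (the app instance passed to the
 * constructor) instead of the `sails` / `User` globals, so the class does not
 * depend on Sails globals being enabled and always talks to its own app.
 */
var Permissions = (function () {
  /**
   * @param {Object} sails - the Sails app instance this hook is attached to
   */
  function Permissions(sails) {
    _classCallCheck(this, Permissions);
    this.sails = sails;
  }

  _createClass(Permissions, [{
    /**
     * Registers the startup checks and, once the ORM is loaded, either fills
     * the model cache or creates the fixtures.
     *
     * @param {Function} next - hook callback; called with no argument on
     *   success and with the error when the model lookup chain rejects
     */
    key: 'initialize',
    value: function initialize(next) {
      var _this = this;

      this.sails.after('hook:auth:loaded', function () {
        if (!_this.validateDependencies()) {
          _this.sails.log.error('Cannot find @inspire-platform/sails-hook-auth hook. Did you "npm install @inspire-platform/sails-hook-auth --save"?');
          _this.sails.log.error('Please see README for installation instructions: https://github.com/conceptainc/sails-hook-permissions');
          return _this.sails.lower();
        }
        // NOTE(review): a missing required policy only produces warnings and
        // startup continues, so the app may serve routes without the
        // permission policies in the global chain. Treat these warnings as a
        // deployment blocker.
        if (!_this.validatePolicyConfig()) {
          _this.sails.log.warn('One or more required policies are missing.');
          _this.sails.log.warn('Please see README for installation instructions: https://github.com/conceptainc/sails-hook-permissions');
        }
      });

      this.sails.after('hook:orm:loaded', function () {
        _this.sails.models.model.find().then(function (models) {
          // Same number of stored Model records as loaded models: reuse them
          // as the cache and skip fixture creation.
          if (models.length === _lodash2['default'].keys(_this.sails.models).length) {
            _this.sails.hooks.permissions._modelCache = _lodash2['default'].indexBy(models, 'identity');
            return next();
          }
          return _this.initializeFixtures().then(function () {
            next();
          });
        })['catch'](function (error) {
          _this.sails.log.error(error);
          next(error);
        });
      });
    }
  }, {
    /**
     * Checks the host application's policy configuration.
     *
     * @returns {boolean} true when `policies['*']` is an array containing
     *   every entry of `permissionPolicies` and `AuthController['*']`
     *   contains 'passport'
     */
    key: 'validatePolicyConfig',
    value: function validatePolicyConfig() {
      var policies = this.sails.config.policies;
      return _lodash2['default'].all([
        _lodash2['default'].isArray(policies['*']),
        _lodash2['default'].intersection(permissionPolicies, policies['*']).length === permissionPolicies.length,
        policies.AuthController && _lodash2['default'].contains(policies.AuthController['*'], 'passport')
      ]);
    }
  }, {
    /**
     * Install the application. Sets up default Roles, Users, Models, and
     * Permissions, and creates an admin user.
     *
     * The admin account is created from `sails.config.permissions.adminUser`;
     * check that this config does not carry a built-in default password
     * before the fixtures run.
     *
     * @returns {Promise} settles once the fixture chain has finished; errors
     *   are logged and not propagated (see the note on the catch handler)
     */
    key: 'initializeFixtures',
    value: function initializeFixtures() {
      var _this2 = this;
      var fixturesPath = _path2['default'].resolve(__dirname, '../../../config/fixtures/');

      return require(_path2['default'].resolve(fixturesPath, 'model')).createModels().then(function (models) {
        _this2.models = models;
        _this2.sails.hooks.permissions._modelCache = _lodash2['default'].indexBy(models, 'identity');
        return require(_path2['default'].resolve(fixturesPath, 'role')).create(_this2.sails.config.permissions);
      }).then(function (roles) {
        _this2.roles = roles;
        var userModel = _lodash2['default'].find(_this2.models, { name: 'User' });
        return require(_path2['default'].resolve(fixturesPath, 'user')).create(_this2.roles, userModel);
      }).then(function () {
        return _this2.sails.models.user.findOne({ email: _this2.sails.config.permissions.adminUser.email });
      }).then(function (user) {
        // Fail with a readable message instead of a TypeError on `user.id`.
        if (!user) {
          throw new Error('sails-hook-permissions: admin user was not found after the user fixture ran');
        }
        // NOTE(review): the whole user record is written to the log. Which
        // fields it carries is not visible here; confirm it holds no
        // credential material, or log only the id.
        _this2.sails.log('sails-hook-permissions: created admin user:', user);
        // Make the admin user its own creator and owner.
        return _this2.sails.models.user.update({
          id: user.id
        }, {
          createdBy: user.id,
          owner: user.id
        }).meta({
          fetch: true
        });
      }).then(function (admin) {
        return require(_path2['default'].resolve(fixturesPath, 'permission')).create(_this2.roles, _this2.models, admin, _this2.sails.config.permissions);
      })['catch'](function (error) {
        // NOTE(review): the error is logged and swallowed, so initialize()
        // still calls next() without an error and the app finishes loading
        // with whatever part of the roles/permissions fixtures was created.
        // Kept for backward compatibility; watch for this log line at startup.
        _this2.sails.log.error(error);
      });
    }
  }, {
    /**
     * @returns {boolean} true when the auth hook is present on this app
     */
    key: 'validateDependencies',
    value: function validateDependencies() {
      return !!this.sails.hooks.auth;
    }
  }]);

  return Permissions;
})();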
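/**
 * Hook factory called by Sails.
 *
 * @param {Object} sails - the Sails app instance
 * @returns {{defaults: Object, configure: Function, initialize: Function}}
 *   the hook definition
 */
module.exports = function (sails) {
  // Built-in fallback for the admin password, kept for backward
  // compatibility. It is a fixed, published value, so configure() warns
  // whenever the effective config still uses it.
  var DEFAULT_ADMIN_PASSWORD = 'admin1234';
  var permissions = new Permissions(sails);

  return {
    defaults: {
      __configKey__: {
        // Credentials of the admin user created by the fixtures. Each value
        // comes from the environment when set, else from the fallback.
        adminUser: {
          username: process.env.ADMIN_USERNAME || 'admin',
          email: process.env.ADMIN_EMAIL || 'admin@example.com',
          password: process.env.ADMIN_PASSWORD || DEFAULT_ADMIN_PASSWORD
        },
        defaultRoles: {
          admin: true,
          registered: true,
          'public': true
        },
        defaultRole: 'registered',
        basePermissions: {
          self: [],
          global: []
        }
      }
    },

    /**
     * Reads the merged hook config and warns when the admin password is still
     * the built-in default. The password itself is never logged.
     */
    configure: function configure() {
      // get config
      var config = sails.config[this.configKey];
      var adminUser = config && config.adminUser;
      if (adminUser && adminUser.password === DEFAULT_ADMIN_PASSWORD && sails.log && sails.log.warn) {
        sails.log.warn('sails-hook-permissions: adminUser.password is still the built-in default. Set ADMIN_PASSWORD or override adminUser.password in the hook config before the admin user is created.');
      }
    },

    /**
     * Defers the permissions startup until the auth hook has loaded.
     *
     * @param {Function} next - hook callback, passed on to Permissions#initialize
     */
    initialize: function initialize(next) {
      sails.after('hook:auth:loaded', function () {
        return permissions.initialize(next);
      });
    }
  };
};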
;