UNPKG

drapi-police-gforms-abilities

Version:

policy to add or remove abilities to see in gforms

80 lines (66 loc) 3.19 kB
//const drapiModels = require('drapi/lib/models') var getTableRole = async (ctx) => { var request = require('koa2-request'); var roles = []; try { var url = global.drapiConfig.services.permissions.host + '/table_role_ability/abilitiesByPriority'; var response = await request({ url: url, headers: {apikey:ctx.headers.apikey} }); if (!response.body) { throw new Error("No answer for abilities / invalid apikey"); } return response.body; } catch (e) { ctx.throw("Error*** " + e); } } var filterPermissionPerTable = (_table, _configField, _abilitiesArray) => { let abilitiesArray = _abilitiesArray || []; //console.log('abilities Array',abilitiesArray); abilitiesArray = JSON.parse(JSON.stringify(abilitiesArray.filter(_x => (typeof (_x.rule) != 'undefined' || x.rule != null) && (typeof (_x.field_evaluated) != 'undefined' || _x.field_evaluated != null) && (typeof (_x.value_evaluated) != 'undefined' || _x.value_evaluated != null) && (typeof (_x.field_table) != 'undefined' || _x.field_table != null) && (_x.table == _table) && (_x.direction == 0) ))); let _newConfigField = JSON.parse(JSON.stringify(_configField)); /* check update */ let cantEdit = abilitiesArray.filter(x => x.ability.name == "actualizar_general"); /* hide button UPDATE */ if (cantEdit.length) { _newConfigField.hideUpdateButton = _newConfigField.hideUpdateButton = !!cantEdit; } /* check delete */ let cantDelete = abilitiesArray.filter(x => x.ability.name == "eliminar_general"); /* hide button DELETE */ if (cantDelete.length) { _newConfigField.hideDeleteButton = !!cantDelete; } /* check ADD */ let cantAdd = abilitiesArray.filter(x => x.ability.name == "crear_general"); /* hide button ADD */ if (cantAdd.length) { _newConfigField.hideAddButton = !!cantAdd; } return _newConfigField; } var filterStructureAbilities = (_structureObj, _abilitiesArray) => { let _newStructure = {}; Object.keys(_structureObj).map(_key => { _newStructure[_key] = filterPermissionPerTable(_key, _structureObj[_key], _abilitiesArray); }); //console.log('prueba',_) return _newStructure; } var interceptor = async function (ctx, next) { await next(); let arrayUrl = ctx.request.url.split("/"); let model = arrayUrl[1]; if (model == global.drapiConfig.models.modelAttributesDefinitionModel) { let structure = JSON.parse(ctx.body.structure); let abilitiesArray = await getTableRole(ctx); abilitiesArray=JSON.parse(abilitiesArray); let _newStructure = filterStructureAbilities(structure, abilitiesArray); //Find permission for current table let currentTable=arrayUrl[2].split("?")[0]; let _selfTablePermissions=filterPermissionPerTable(currentTable,{}, abilitiesArray); _selfTablePermissions.hidden=true; //Adding the self permission table to the new structure _newStructure._selfTablePermissions=_selfTablePermissions; ctx.body.structure = JSON.stringify(_newStructure); } }; module.exports = interceptor;