drapi-police-gforms-abilities
Version:
policy to add or remove abilities to see in gforms
80 lines (66 loc) • 3.19 kB
JavaScript
//const drapiModels = require('drapi/lib/models')
var getTableRole = async (ctx) => {
var request = require('koa2-request');
var roles = [];
try {
var url = global.drapiConfig.services.permissions.host + '/table_role_ability/abilitiesByPriority';
var response = await request({ url: url, headers: {apikey:ctx.headers.apikey} });
if (!response.body) { throw new Error("No answer for abilities / invalid apikey"); }
return response.body;
} catch (e) {
ctx.throw("Error*** " + e);
}
}
var filterPermissionPerTable = (_table, _configField, _abilitiesArray) => {
let abilitiesArray = _abilitiesArray || [];
//console.log('abilities Array',abilitiesArray);
abilitiesArray = JSON.parse(JSON.stringify(abilitiesArray.filter(_x =>
(typeof (_x.rule) != 'undefined' || x.rule != null) &&
(typeof (_x.field_evaluated) != 'undefined' || _x.field_evaluated != null) &&
(typeof (_x.value_evaluated) != 'undefined' || _x.value_evaluated != null) &&
(typeof (_x.field_table) != 'undefined' || _x.field_table != null) &&
(_x.table == _table) &&
(_x.direction == 0)
)));
let _newConfigField = JSON.parse(JSON.stringify(_configField));
/* check update */
let cantEdit = abilitiesArray.filter(x => x.ability.name == "actualizar_general");
/* hide button UPDATE */
if (cantEdit.length) { _newConfigField.hideUpdateButton = _newConfigField.hideUpdateButton = !!cantEdit; }
/* check delete */
let cantDelete = abilitiesArray.filter(x => x.ability.name == "eliminar_general");
/* hide button DELETE */
if (cantDelete.length) { _newConfigField.hideDeleteButton = !!cantDelete; }
/* check ADD */
let cantAdd = abilitiesArray.filter(x => x.ability.name == "crear_general");
/* hide button ADD */
if (cantAdd.length) { _newConfigField.hideAddButton = !!cantAdd; }
return _newConfigField;
}
var filterStructureAbilities = (_structureObj, _abilitiesArray) => {
let _newStructure = {};
Object.keys(_structureObj).map(_key => {
_newStructure[_key] = filterPermissionPerTable(_key, _structureObj[_key], _abilitiesArray);
});
//console.log('prueba',_)
return _newStructure;
}
var interceptor = async function (ctx, next) {
await next();
let arrayUrl = ctx.request.url.split("/");
let model = arrayUrl[1];
if (model == global.drapiConfig.models.modelAttributesDefinitionModel) {
let structure = JSON.parse(ctx.body.structure);
let abilitiesArray = await getTableRole(ctx);
abilitiesArray=JSON.parse(abilitiesArray);
let _newStructure = filterStructureAbilities(structure, abilitiesArray);
//Find permission for current table
let currentTable=arrayUrl[2].split("?")[0];
let _selfTablePermissions=filterPermissionPerTable(currentTable,{}, abilitiesArray);
_selfTablePermissions.hidden=true;
//Adding the self permission table to the new structure
_newStructure._selfTablePermissions=_selfTablePermissions;
ctx.body.structure = JSON.stringify(_newStructure);
}
};
module.exports = interceptor;