nitrogen-core
Core services used across ingestion, registry, and consumption servers.
var BaseSchema = require('./baseSchema')
, core = require('../../lib')
, mongoose = require('mongoose')
, Schema = mongoose.Schema
, sift = require('sift');
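// Mongoose schema for a Permission: a single rule that match() compares
// against a request, carrying an `authorized` verdict and a `priority`.
var permissionSchema = new BaseSchema();

permissionSchema.add({
  // From BaseSchema:
  //   created_at: { type: Date, default: Date.now },

  // Principal the rule is issued to. match() skips this check when unset.
  issued_to: { type: Schema.Types.ObjectId, ref: 'Principal' },

  // Principal the rule applies to. match() skips this check when unset.
  principal_for: { type: Schema.Types.ObjectId, ref: 'Principal' },

  // Optional expiry. A rule without one is never reported as expired.
  expires: { type: Date },

  // Optional action. match() treats an unset action as matching any
  // request action, so omitting it widens the rule.
  action: { type: String, enum: ['admin', 'impersonate', 'send', 'subscribe', 'view'] },

  // Optional sift query, stored as a JSON string. match() parses it and
  // evaluates it against the object being checked.
  filter: { type: String },

  // Used by Permission.priorityComparison to order rules.
  priority: { type: Number, required: true },

  // Verdict carried by the rule. How callers combine verdicts across rules
  // is not visible in this file.
  authorized: { type: Boolean, required: true }
});

permissionSchema.index({ issued_to: 1 });
permissionSchema.index({ priority: 1 });
permissionSchema.index({ principal_for: 1 });

// Only a strict boolean is accepted as a verdict.
permissionSchema.path('authorized').validate(function (value) {
  return value === false || value === true;
}, 'Permission must have valid authorized field.');

// match() runs JSON.parse on `filter` in the middle of an authorization check,
// so a malformed value would throw there. Reject it when the document is
// validated instead. An unset or empty filter stays valid, because match()
// treats it as "no filter".
// NOTE(review): this only covers writes that go through Mongoose validation;
// documents already stored, or updated by a path that skips validation, are
// not re-checked.
permissionSchema.path('filter').validate(function (value) {
  if (value === undefined || value === null || value === '') {
    return true;
  }

  try {
    JSON.parse(value);
    return true;
  } catch (err) {
    // A parse failure is the validation result, not an error to propagate.
    return false;
  }
}, 'Permission filter must be valid JSON.');

permissionSchema.set('toObject', { transform: BaseSchema.baseObjectTransform });
permissionSchema.set('toJSON', { transform: BaseSchema.baseJsonTransform });

var Permission = mongoose.model('Permission', permissionSchema);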
/**
 * Comparator for sorting permissions by their numeric `priority`, ascending.
 *
 * @param {Object} a - Permission with a numeric `priority`.
 * @param {Object} b - Permission with a numeric `priority`.
 * @returns {number} Negative when `a` sorts first, positive when `b` does,
 *   zero when the priorities are equal.
 */
Permission.priorityComparison = function(a, b) {
  // NOTE(review): whether a lower number means higher precedence depends on
  // how callers walk the sorted list; confirm there.
  var difference = a.priority - b.priority;
  return difference;
};
/**
 * Reports whether this permission's expiry time has passed.
 *
 * @returns {boolean|*} `true` once the current time is later than `expires`,
 *   `false` before that. When `expires` is unset the falsy `expires` value
 *   itself is returned, so callers should only test the result for truthiness.
 */
Permission.prototype.expired = function() {
  var expiry = this.expires;

  // No expiry recorded: hand back the falsy value unchanged.
  if (!expiry) {
    return expiry;
  }

  return Date.now() > expiry.getTime();
};
/**
 * Decides whether this permission applies to a request.
 *
 * Checks run in a fixed order and the first failing one ends the evaluation:
 * expiry, action, issued_to, principal_for, then the optional filter. The
 * action, issued_to and principal_for checks are skipped when the field is
 * unset on the permission, so an unset field matches any request.
 *
 * @param {Object} request - Reads `action`, `principal` and `principal_for`.
 * @param {Object} obj - Object the stored filter is evaluated against.
 * @returns {boolean} `true` when the permission applies, otherwise `false`.
 * @throws {SyntaxError} From JSON.parse when `filter` is not valid JSON.
 */
Permission.prototype.match = function(request, obj) {
  var self = this;

  // Records why the rule did not apply and yields the non-match result.
  // NOTE(review): the whole permission is serialized into the debug log on
  // every mismatch; confirm that is acceptable for the log's audience.
  var noMatch = function(reason) {
    core.log.debug('permission: ' + JSON.stringify(self) + ': ' + reason + ': match == false');
    return false;
  };

  if (self.expired()) {
    return noMatch('expired');
  }

  if (self.action && self.action !== request.action) {
    return noMatch('action mismatch');
  }

  if (self.issued_to && !self.issued_to.equals(request.principal)) {
    return noMatch('issued_to mismatch');
  }

  // A permission scoped to a principal needs the request to name that same
  // principal; a request without principal_for cannot satisfy it.
  if (self.principal_for && !(request.principal_for && self.principal_for.equals(request.principal_for))) {
    return noMatch('principal_for mismatch');
  }

  var storedFilter = self.filter;
  if (!storedFilter) {
    return true;
  }

  core.log.debug('checking filter: ' + JSON.stringify(storedFilter) + ' against: ' + JSON.stringify([obj]));

  // The filter is persisted as a string; parse it once and keep the result on
  // the instance for later calls.
  // NOTE(review): a malformed filter makes JSON.parse throw out of this
  // authorization check, and the cached object is not refreshed if `filter`
  // is changed after the first call.
  if (!self.filterObject) {
    self.filterObject = JSON.parse(storedFilter);
  }

  // NOTE(review): sift evaluates the parsed filter as a query. Some sift
  // versions accept a `$where` clause given as a string and compile it as
  // JavaScript; confirm which version is pinned and that only trusted
  // principals can write `filter`.
  var hits = sift(self.filterObject, [obj]);
  return hits.length > 0;
};
// Numeric constant exposed on the model; nothing in this file reads it.
// NOTE(review): presumably the base from which default rule priorities are
// derived; confirm against callers.
Permission.DEFAULT_PRIORITY_BASE = 2000000000;
// The Mongoose model is the module's only export.
module.exports = Permission;