UNPKG

sails-permissions-sequelize

Version:

Sequelize version of : Comprehensive user permissions and entitlements system for sails.js and Waterline. Supports user authentication with passport.js, role-based permissioning, object ownership, and row-level security.

github.com/tjwebb/sails-permissions

AlanFonderflick/sails-permissions-sequelize

105 lines (89 loc) 2.97 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
/** * @module Permission * * @description * The actions a Role is granted on a particular Model and its attributes */ 'use strict'; function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { 'default': obj }; } var _lodash = require('lodash'); var _lodash2 = _interopRequireDefault(_lodash); module.exports = { autoCreatedBy: false, description: ['Defines a particular `action` that a `Role` can perform on a `Model`.', 'A `User` can perform an `action` on a `Model` by having a `Role` which', 'grants the necessary `Permission`.'].join(' '), attributes: { /** * The Model that this Permission applies to. */ // model: { // model: 'Model', // required: true // }, action: { type: Sequelize.ENUM('create', 'read', 'update', 'delete'), //index: true, allowNull: false }, /** * TODO remove enum and support permissions based on all controller * actions, including custom ones */ relation: { type: Sequelize.ENUM('role', 'owner', 'user'), defaultValue: 'role' } }, //index: true /** * The Role to which this Permission grants create, read, update, and/or * delete privileges. */ // role: { // model: 'Role', // // Validate manually // //required: true // }, /** * The User to which this Permission grants create, read, update, and/or * delete privileges. */ // user: { // model: 'User' // // Validate manually // }, /** * A list of criteria. If any of the criteria match the request, the action is allowed. * If no criteria are specified, it is ignored altogether. */ // criteria: { // collection: 'Criteria', // via: 'permission' // } associate: function associate() { Permission.hasMany(Criteria, { as: 'criteria' }); }, options: { tableName: 'permission', classMethods: {}, instanceMethods: {}, hooks: { afterValidate: function validateOwnerCreateTautology(permission, options, next) { if (permission.relation == 'owner' && permission.action == 'create') { next(new Error('Creating a Permission with relation=owner and action=create is tautological')); } if (permission.action === 'delete' && _lodash2['default'].filter(permission.criteria, function (criteria) { return !_lodash2['default'].isEmpty(criteria.blacklist); }).length) { next(new Error('Creating a Permission with an attribute blacklist is not allowed when action=delete')); } if (permission.relation == 'user' && permission.user === "") { next(new Error('A Permission with relation user MUST have the user attribute set')); } if (permission.relation == 'role' && permission.role === "") { next(new Error('A Permission with relation role MUST have the role attribute set')); } next(); } } } };