mirror of
https://github.com/sudoxnym/habitica-self-host.git
synced 2026-07-14 10:12:21 +00:00
Got accessControl working!!!
This commit is contained in:
parent
cb6c6f424b
commit
0e4e306046
4 changed files with 23 additions and 19 deletions
|
|
@ -53,6 +53,7 @@ habitrpgMiddleware = function(req, res, next) {
|
|||
model.setNull('_userId', req.session.userId);
|
||||
model.set('_mobileDevice', /Android|webOS|iPhone|iPad|iPod|BlackBerry/i.test(req.header('User-Agent')));
|
||||
model.set('_nodeEnv', process.env.NODE_ENV);
|
||||
require('./setupStore').accessControl(store);
|
||||
return next();
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -7,12 +7,16 @@ module.exports.queries = function(store) {
|
|||
};
|
||||
|
||||
module.exports.accessControl = function(store) {
|
||||
store.readPathAccess('users.*', function(userId, accept) {
|
||||
console.log(accept, 'read.accept');
|
||||
return accept(userId === this.session.userId);
|
||||
store.accessControl = true;
|
||||
store.readPathAccess('users.*', function(captures, next) {
|
||||
var allowed;
|
||||
allowed = captures === this.session.userId;
|
||||
return next(allowed);
|
||||
});
|
||||
return store.writeAccess('*', 'users.*', function(mutator, userId, accept) {
|
||||
console.log(accept, 'write.accept');
|
||||
return accept(userId === this.session.userId);
|
||||
return store.writeAccess('*', 'users.*', function(captures, value, next) {
|
||||
var allowed, pathArray;
|
||||
pathArray = captures.split('.');
|
||||
allowed = pathArray[0] === this.session.userId;
|
||||
return next(allowed);
|
||||
});
|
||||
};
|
||||
|
|
|
|||
|
|
@ -24,7 +24,6 @@ derby.use(require 'racer-db-mongo')
|
|||
store = derby.createStore
|
||||
db: {type: 'Mongo', uri: process.env.NODE_DB_URI}
|
||||
listen: server
|
||||
# require('./setupStore').accessControl(store)
|
||||
|
||||
ONE_YEAR = 1000 * 60 * 60 * 24 * 365
|
||||
root = path.dirname path.dirname __dirname
|
||||
|
|
@ -42,6 +41,8 @@ habitrpgMiddleware = (req, res, next) ->
|
|||
|
||||
# same for production/development
|
||||
model.set '_nodeEnv', process.env.NODE_ENV
|
||||
|
||||
require('./setupStore').accessControl(store)
|
||||
|
||||
next()
|
||||
|
||||
|
|
|
|||
|
|
@ -4,17 +4,15 @@ module.exports.queries = (store) ->
|
|||
|
||||
module.exports.accessControl = (store) ->
|
||||
|
||||
# store.accessControl = true
|
||||
store.accessControl = true
|
||||
|
||||
# FIXME
|
||||
# getting Property 'callback' of object 0,b800598e-0cc5-41e7-931f-431b8888e07a.2,set,users.be06f5d3-5ffd-4a9a-828f-87c5f43d3562,[object Object] is not a function
|
||||
# at Object.module.exports.server._commit.res.fail (node_modules/derby/node_modules/racer/lib/txns/txns.Model.js:319:22)
|
||||
# at node_modules/derby/node_modules/racer/lib/accessControl/accessControl.Store.js:221:34
|
||||
|
||||
store.readPathAccess 'users.*', (userId, accept) ->
|
||||
console.log accept, 'read.accept'
|
||||
accept(userId == @session.userId)
|
||||
store.readPathAccess 'users.*', (captures, next) ->
|
||||
allowed = (captures == @session.userId)
|
||||
# console.log { readPathAccess: {captures:captures, sessionUserId:@session.userId, allowed:allowed, next:next} }
|
||||
next(allowed)
|
||||
|
||||
store.writeAccess '*', 'users.*', (mutator, userId, accept) ->
|
||||
console.log accept, 'write.accept'
|
||||
accept(userId == @session.userId)
|
||||
store.writeAccess '*', 'users.*', (captures, value, next) ->
|
||||
pathArray = captures.split('.')
|
||||
allowed = (pathArray[0] == @session.userId)
|
||||
# console.log { writeAccess: {captures:captures, value:value, next:next, pathArray:pathArray} }
|
||||
next(allowed)
|
||||
|
|
|
|||
Loading…
Reference in a new issue