oak-general-business/es/checkers/user.js


import { judgeRelation } from "oak-domain/lib/store/relation";
import { OakInputIllegalException, OakUserUnpermittedException } from "oak-domain/lib/types";
import { checkFilterContains } from 'oak-domain/lib/store/filter';
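/**
 * Default checkers for the `user` entity.
 *
 * Each entry is a declarative rule for the surrounding framework: `type`
 * selects the kind of check, `action` names the operation(s) it applies to,
 * and either a `filter` (row checkers) or a `checker` callback (logical/data
 * checkers) expresses the rule. How the framework evaluates these entries is
 * not visible in this file.
 */
const checkers = [
  // Row rule for `remove`: the filter names rows whose userState is 'shadow'.
  // Presumably the framework rejects a remove whose target rows fall outside
  // this filter; confirm against the checker runtime.
  {
    type: 'row',
    action: 'remove',
    entity: 'user',
    filter: {
      userState: 'shadow',
    },
  },
  {
    type: 'logical',
    action: ['remove', 'disable', 'enable'],
    entity: 'user',
    /**
     * Restricts remove/disable/enable on users to the root context.
     *
     * @param {object} operation - the operation being checked
     * @param {object} context - must expose `isRoot()`
     * @throws {OakUserUnpermittedException} when the caller is not root
     */
    checker: (operation, context) => {
      // Only root may perform these operations.
      if (!context.isRoot()) {
        // Attach the operation that was actually denied. A fixed
        // `{ action: 'disable' }` stub would mislabel denied `remove` and
        // `enable` attempts in whatever logs or audits this exception.
        throw new OakUserUnpermittedException('user', operation);
      }
    },
  },
  {
    type: 'data',
    action: 'grant',
    entity: 'user',
    /**
     * Rejects `grant` payloads that carry any key without a '$' in its name.
     *
     * NOTE(review): the test is a substring match, so any key containing '$'
     * anywhere passes. Presumably '$' marks cascade/relation keys and plain
     * user attributes never contain it; confirm against the schema naming
     * convention.
     *
     * @param {object} data - the payload of the grant operation
     * @throws {OakInputIllegalException} when a key without '$' is present
     */
    checker: (data) => {
      const keys = Object.keys(data);
      if (keys.some((key) => !key.includes('$'))) {
        throw new OakInputIllegalException('user', Object.keys(data), '授权不允许传入其它属性');
      }
    },
  },
  // Row rule for `disable`: the filter names non-root rows, and errMsg is the
  // message (in Chinese: "the root user cannot be disabled") attached to it.
  {
    type: 'row',
    action: 'disable',
    entity: 'user',
    filter: {
      isRoot: false,
    },
    errMsg: '不能禁用root用户',
  },
];
export default checkers;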
/**
 * Optional checker set that limits `update` on `user` to the caller's own row
 * and to plain attributes, unless the context is root.
 */
export const UserCheckers = [
  {
    entity: 'user',
    action: 'update',
    type: 'logical',
    /**
     * @param {object} operation - the update; its `filter` and `data` are read
     * @param {object} context - must expose getCurrentUserId(), isRoot(), getSchema()
     * @returns {undefined|Promise<undefined>} a promise when the containment
     *   check itself is asynchronous
     * @throws {OakUserUnpermittedException} when a non-root caller touches a
     *   non-plain attribute or a row other than their own
     */
    checker: (operation, context) => {
      // In most applications nobody except root should be able to update
      // another user's information, though shadow users should be an exception.
      // These conditions do not hold for every application: one with a more
      // complex policy for users updating each other should not include this
      // checker. It also serves as an example of permission control on a
      // special object such as user.
      // NOTE(review): no shadow-user exception is visible in this checker.
      const currentUserId = context.getCurrentUserId();
      if (context.isRoot()) {
        return;
      }

      // Every denial below carries the same entity, operation and message.
      const deny = () => new OakUserUnpermittedException('user', operation, '您不能更新他人信息');

      const { filter: targetFilter, data: patch } = operation;

      // Reject any attribute that judgeRelation does not classify as 1
      // (presumably "plain attribute of user"; confirm in oak-domain).
      for (const attr in patch) {
        if (judgeRelation(context.getSchema(), 'user', attr) !== 1) {
          throw deny();
        }
      }

      // The operation's filter must be contained in `id === currentUserId`.
      // NOTE(review): if getCurrentUserId() can return undefined for an
      // unauthenticated context, this compares against { id: undefined };
      // confirm how checkFilterContains treats that.
      const contained = checkFilterContains('user', context, { id: currentUserId }, targetFilter, true);
      if (contained instanceof Promise) {
        return contained.then((ok) => {
          if (!ok) {
            throw deny();
          }
        });
      }
      if (!contained) {
        throw deny();
      }
    },
  },
];