  1. assert = require 'assert'
  2. async = require 'async'
  3. debug = require 'debug' 'app:security:acl'
  4.  
  5. Context = require './context'
  6. Principle = require './principle'
  7. Request = require './request'
  8. Role = require './role'
  9.  
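  # Access-control list: resolves the effective permission for a Request
  # against a list of rules, ordering them with ACL.getMatchScore (defined
  # further down in this module).
  class ACL
    # No instance state is set up; under `new` the `return null` is a no-op
    # (non-object return values from a constructor are ignored).
    constructor: () ->
      return null

    # Resolve the permission that applies to `req` given the rule list `acl`.
    # @param acl [Array] candidate rules (objects carrying model/property/type,
    #   principleType/principleId and permission — see getMatchScore)
    # @param req [Request|Object] the request; a plain object is wrapped in a Request
    # @return [Request] a new Request carrying the resolved permission
    resolvePermission: (acl, req) ->
      # Wrap instead of returning early: the original returned the freshly wrapped
      # Request here, so no rule was ever evaluated for non-Request input.
      req = new Request(req) unless req instanceof Request
      acl ?= []

      permission = ACL.DEFAULT

      # Most specific (highest scoring) rules first. Sort a copy so the caller's
      # array is not reordered as a side effect.
      sorted = acl.slice().sort (r1, r2) ->
        ACL.getMatchScore(r2, req) - ACL.getMatchScore(r1, req)

      # Walk the sorted rules (the original looped over the class `ACL` itself,
      # whose length is 0, so the loop body never ran).
      for candidate in sorted
        score = ACL.getMatchScore(candidate, req)
        # Non-matching rules score -1 and sort last: nothing after this can match.
        break if score < 0
        if not req.isWildcard()
          # Concrete request: the best-scoring matching rule decides outright.
          permission = candidate.permission
          break
        else
          if req.matches candidate
            permission = candidate.permission
            break
          # Wildcard request: keep whichever permission ranks highest in
          # Context.permissionOrder (assumes a higher order value takes
          # precedence — TODO confirm against Context).
          oCandidate = Context.permissionOrder[candidate.permission]
          oPermission = Context.permissionOrder[permission]
          permission = candidate.permission if oCandidate > oPermission

      # Fixed `req.modelm req.property, ...`, which parsed as a call to an
      # undefined method and threw at runtime.
      return new Request(req.model, req.property, req.accessType, permission or ACL.DEFAULT)

    # Score this instance, used as a rule, against `req` via ACL.getMatchScore.
    # `req` is an explicit parameter: the original referenced an undefined `req`.
    # @param req [Request]
    # @return [Number] specificity score, or -1 when this rule does not apply
    score: (req) ->
      return @constructor.getMatchScore @, req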
  42.  
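  # Score how specifically `rule` matches `req`. Higher is more specific; -1
  # means the rule does not apply at all. ACL::resolvePermission sorts rules by
  # this value. The score is positional: model, property and type each add a
  # base-4 digit (3 exact, 2 rule wildcard, 1 request wildcard), followed by
  # the principle type, the role, and finally the permission's position in
  # Context.permissionOrder.
  # @param rule [Object] model/property/type, principleType, principleId, permission
  # @param req  [Request] model/property/type and (optionally) methodNames
  # @return [Number] specificity score, or -1 when some property does not match
  ACL.getMatchScore = (rule, req) ->
    properties = ['model', 'property', 'type']
    # Requests without a methodNames list simply cannot match by method name.
    methodNames = req.methodNames ? []
    score = 0

    for p in properties
      score = score * 4
      vRule = rule[p] or ACL.ALL
      vReq = req[p] or ACL.ALL

      # A rule whose `property` names one of the request's methods counts as exact.
      isMatchMethodName = p is 'property' and methodNames.indexOf(vRule) isnt -1

      # NOTE(review): a rule with type EXECUTE is treated as an exact match for
      # every request type, including READ and WRITE — confirm this is intended
      # rather than `vReq is ACL.EXECUTE`.
      isMatchType = p is 'type' and vRule is ACL.EXECUTE

      if vRule is vReq or isMatchMethodName or isMatchType
        score += 3          # exact match
      else if vRule is ACL.ALL
        score += 2          # rule wildcard
      else if vReq is ACL.ALL
        score += 1          # request wildcard
      else
        return -1           # does not match

    # Principle type: USER > APP > ROLE > anything else.
    score = score * 4
    switch rule.principleType
      when ACL.USER then score += 4
      when ACL.APP then score += 3
      when ACL.ROLE then score += 2
      else score += 1

    # Role specificity; a named (non built-in) role outranks the built-in ones.
    # Non-ROLE principles leave this digit at 0.
    score = score * 8
    if rule.principleType is ACL.ROLE
      switch rule.principleId
        when Role.OWNER then score += 4
        when Role.RELATED then score += 3
        when Role.AUTHENTICATED then score += 2
        when Role.UNAUTHENTICATED then score += 2
        when Role.EVERYONE then score += 1
        else score += 5

    # Permission rank. Fixed the `rule.perssion` typo: it always read undefined,
    # so every rule was ranked as ALLOW regardless of its actual permission.
    # Assumes every permission value appears in Context.permissionOrder.
    score = score * 4
    score += Context.permissionOrder[rule.permission or ACL.ALLOW] - 1
    return score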
  93.  
  94.  
  95.  
  96.  
  97.  
  # Re-export the permission and access-type constants from Context on ACL so
  # callers (and getMatchScore above) only need this module.
  for contextKey in ['ALL', 'DEFAULT', 'ALLOW', 'ALARM', 'AUDIT', 'DENY', 'READ', 'WRITE', 'EXECUTE']
    ACL[contextKey] = Context[contextKey]

  # Likewise for the principle-type constants from Principle.
  for principleKey in ['APP', 'ROLE', 'SCOPE', 'USER']
    ACL[principleKey] = Principle[principleKey]

  module.exports = ACL