Skip to content

Commit 1fb38a8

Browse files
author
Tom Kirkpatrick
committed
Clean up and standardie terminology
1 parent a81dbdc commit 1fb38a8

File tree

3 files changed

+34
-32
lines changed

3 files changed

+34
-32
lines changed

README.md

Lines changed: 21 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@
33
This loopback component enables you to add multi-tenant style access controls to a loopback application. It enables you
44
to restrict access to model data based on a users roles within a specific context.
55

6-
# Usage
6+
## Usage
77

88
**Installation**
99

@@ -35,37 +35,39 @@ Options:
3535

3636
[String] : The name of the model that should be used to register group access role resolvers. *(default: 'Role')*
3737

38-
- `accessGroupModel`
39-
40-
[String] : The name of the model that should be used to store and check group access roles. *(default: 'AccessGroup')*
41-
4238
- `groupModel`
4339

4440
[String] : The model that is considered as a group. *(default: 'Group')*
4541

46-
- `foreignKey`
42+
- `groupAccessModel`
4743

48-
[String] : The foreign key that should be used to determine which access group a model belongs to. *(default: 'groupId')*
44+
[String] : The name of the model that should be used to store and check group access roles. *(default: 'GroupAccess')*
4945

50-
- `accessGroups`
46+
- `groupRoles`
5147

5248
[Array] : A list of group names. *(default: [ '$group:admin', '$group:member' ])*
5349

54-
# Tests
50+
- `foreignKey`
51+
52+
[String] : The foreign key that should be used to determine which access group a model belongs to. *(default: 'groupId')*
53+
54+
## Tests
5555

5656
### Roles
5757

58-
**everyone**
59-
noinvoice
58+
The following group roles roles are configured in the test data.
59+
60+
- **everyone**
61+
none
6062

61-
**authenticated**
62-
noinvoice
63+
- **authenticated**
64+
none
6365

64-
**$group:admin**
65-
create, read, update, delete
66+
- **$group:member**
67+
read
6668

67-
**$group:manager**
68-
create, read, update, delete
69+
- **$group:manager**
70+
create, read, update
6971

70-
**$group:member**
71-
create, read, update
72+
- **$group:admin**
73+
create, read, update, delete

lib/utils.js

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -12,18 +12,18 @@ module.exports = class AccessUtils {
1212
this.options = _defaults({ }, options, {
1313
userModel: 'User',
1414
roleModel: 'Role',
15-
accessGroupModel: 'AccessGroup',
1615
groupModel: 'Group',
17-
accessGroups: [
16+
groupAccessModel: 'GroupAccess',
17+
groupRoles: [
1818
'$group:admin',
1919
'$group:member'
2020
]
2121
});
2222
// Default the foreignKey to the group model name + Id.
2323
this.options.foreignKey = this.options.foreignKey || `${this.options.groupModel.toLowerCase()}Id`;
2424

25-
// Validate the format of options.accessGroups ($group:[role]).
26-
this.options.accessGroups.forEach(name => {
25+
// Validate the format of options.groupRoles ($group:[role]).
26+
this.options.groupRoles.forEach(name => {
2727
if (!this.isValidPrincipalId(name)) {
2828
throw new Error('$name is an invalid access group name.');
2929
}
@@ -38,7 +38,7 @@ module.exports = class AccessUtils {
3838
* Register a dynamic role resolver for each defined access group.
3939
*/
4040
setupRoleResolvers() {
41-
this.options.accessGroups.forEach(accessGroup => {
41+
this.options.groupRoles.forEach(accessGroup => {
4242
this.setupRoleResolver(accessGroup);
4343
});
4444
}
@@ -137,7 +137,7 @@ module.exports = class AccessUtils {
137137
const modelClass = this.app.models[modelName];
138138

139139
// TODO: Should we allow the access group model to be treated as a group content model too?
140-
if (modelName === this.options.accessGroupModel) {
140+
if (modelName === this.options.groupAccessModel) {
141141
return;
142142
}
143143

@@ -177,7 +177,7 @@ module.exports = class AccessUtils {
177177
}
178178

179179
// Otherwise lookup from the datastore.
180-
this.app.models[this.options.accessGroupModel].find({
180+
this.app.models[this.options.groupAccessModel].find({
181181
where: {
182182
userId
183183
}
@@ -263,7 +263,7 @@ module.exports = class AccessUtils {
263263
Role.registerResolver(accessGroup, (role, context, cb) => {
264264
const currentUserId = context.accessToken.userId;
265265
const roleName = this.extractRoleName(role);
266-
const AccessGroup = this.app.models[this.options.accessGroupModel];
266+
const GroupAccess = this.app.models[this.options.groupAccessModel];
267267
const scope = { };
268268

269269
// Do not allow anonymous users.
@@ -289,12 +289,12 @@ module.exports = class AccessUtils {
289289
const conditions = { userId: currentUserId, role: roleName };
290290

291291
conditions[this.options.foreignKey] = currentGroupId;
292-
actions.push(AccessGroup.count(conditions));
292+
actions.push(GroupAccess.count(conditions));
293293

294294
// If this is an attempt to save the item into a new group, check the user has access to the target group.
295295
if (targetGroupId && targetGroupId !== currentGroupId) {
296296
conditions[this.options.foreignKey] = targetGroupId;
297-
actions.push(AccessGroup.count(conditions));
297+
actions.push(GroupAccess.count(conditions));
298298
}
299299

300300
return actions;

test/fixtures/simple-app/server/component-config.json

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -10,15 +10,15 @@
1010
"../../../../lib": {
1111
"userModel": "user",
1212
"roleModel": "Role",
13-
"accessGroupModel": "Team",
13+
"groupAccessModel": "Team",
1414
"groupModel": "Store",
1515
"foreignKey": "storeId",
16-
"accessGroups": [
16+
"groupRoles": [
1717
"$group:admin",
1818
"$group:manager",
1919
"$group:member"
2020
],
21-
"accessGroupModels": [
21+
"groupAccessModels": [
2222
"Invoice",
2323
"Transaction"
2424
]

0 commit comments

Comments
 (0)