Allow filtering of roles during permission fetching

This adds an optional external whitelist of roles available to a user. Change-Type: minor Connects-To: #60 Signed-off-by: Andreas Fitzek <[email protected]>
balena-io · Aug 17, 2017 · f0be261 · f0be261
1 parent 0284e54
commit f0be261
Showing 1 changed file with 12 additions and 1 deletion.
diff --git a/src/sbvr-api/permissions.coffee b/src/sbvr-api/permissions.coffee
@@ -180,7 +180,10 @@ exports.setup = (app, sbvrUtils) ->
 			throw err
 		.nodeify(callback)
 
-	exports.getUserPermissions = getUserPermissions = (userId, callback) ->
+	exports.getUserPermissions = getUserPermissions = (userId, roles, callback) ->
+		if typeof roles is 'function'
+			callback = roles
+			roles = null
 		if _.isString(userId)
 			userId = _.parseInt(userId)
 		if !_.isFinite(userId)
@@ -206,6 +209,14 @@ exports.setup = (app, sbvrUtils) ->
 								uhr: expiry_date: null
 							,	uhr: expiry_date: $gt: $now: null
 							]
+		if roles?
+			innerFilter = _.get(permsFilter, '$or.is_of__role.$any.$expr.rhp.role.$any.$expr')
+			newFilter =
+				$and: [
+					innerFilter,
+					r: name: $in: roles
+			]
+			_.set(permsFilter, '$or.is_of__role.$any.$expr.rhp.role.$any.$expr', newFilter)
 		return getPermissions(permsFilter, callback)
 
 	exports.getApiKeyPermissions = getApiKeyPermissions = do ->