Authorization and Authentication
Injectable as: auth
Provides functionality around user authentication, role checking, and data access permissions.
- getCurrentUser(req)
  Gets the User BusinessObject for the user currently logged in.
  - Arguments
    req – the request object (Express JS)
  - Returns
    Promise.<User> – resolves to the user account associated with the request, or false if none
- updateUserPassword(req, newPassword)
  Updates the password for a user; checks the configured password complexity requirements, if any.
  - Arguments
    req – the request object (Express JS)
    newPassword (string) – the new password
  - Returns
    Promise.<{"success"}>
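The page says updateUserPassword enforces "configured password complexity requirements" but does not show what such a check looks like. The following is an added example, not the project's own code: a policy-driven complexity check that returns every unmet rule, plus a hypothetical update routine that runs the check before the stored credential is touched. The policy keys (minLength, requireClasses, maxRepeat), `store.setPassword` and the injected `getCurrentUser` are assumptions for the example; the real configuration keys are not given on the page.

```javascript
// Added example, not the project's own code: a configurable password
// complexity check of the kind updateUserPassword is documented to apply.
// The policy shape (minLength, requireClasses, maxRepeat) is an assumption;
// the page does not give the real configuration keys.

const DEFAULT_POLICY = {
  minLength: 12,
  // how many of the four character classes (lower, upper, digit, other) must appear
  requireClasses: 3,
  // longest permitted run of one repeated character
  maxRepeat: 3,
};

const CHARACTER_CLASSES = [/[a-z]/, /[A-Z]/, /[0-9]/, /[^A-Za-z0-9]/];

// Returns { success, failures } so the caller can report every unmet rule at
// once instead of only the first one.
function checkPasswordComplexity(password, policy = DEFAULT_POLICY) {
  const pw = typeof password === 'string' ? password : '';
  const failures = [];

  if (pw.length < policy.minLength) {
    failures.push(`must be at least ${policy.minLength} characters`);
  }

  const classesUsed = CHARACTER_CLASSES.filter((re) => re.test(pw)).length;
  if (classesUsed < policy.requireClasses) {
    failures.push(`must use at least ${policy.requireClasses} character classes`);
  }

  // (.)\1{N,} matches a run of N+1 identical characters
  const runPattern = new RegExp(`(.)\\1{${policy.maxRepeat},}`);
  if (runPattern.test(pw)) {
    failures.push(`must not repeat one character more than ${policy.maxRepeat} times in a row`);
  }

  return { success: failures.length === 0, failures };
}

// How the check gates an update: validate before the stored credential is
// touched. `store.setPassword` and `getCurrentUser` stand in for the real
// persistence layer and the documented auth.getCurrentUser; both are
// hypothetical and passed in so the example runs stand-alone.
async function updateUserPassword(req, newPassword, { getCurrentUser, store, policy }) {
  const user = await getCurrentUser(req);
  if (!user) throw new Error('not authenticated');
  const result = checkPasswordComplexity(newPassword, policy);
  if (!result.success) {
    throw new Error(`password rejected: ${result.failures.join('; ')}`);
  }
  await store.setPassword(user.id, newPassword);
  return { success: true };
}
```

Returning the full list of failures lets the UI show the user every rule at once; the thrown error carries the same list so a server-side log of rejected attempts does not need to re-run the check.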
- getCurrentUserRoles(req)
  Gets the roles for the current user.
  - Arguments
    req – the request object (Express JS)
  - Returns
    Promise.<Array.<string>> – array of Role ids
- checkRolesForUser(user, rolespec, noShortCircuit)
  Checks the roles of a user account to determine whether it fulfills a role specification. If the user has ROLE_SYSADMIN, the check automatically succeeds unless noShortCircuit is enabled.
  - Arguments
    user (BusinessObject.<User>) – user Business Object
    rolespec (Array.<string>) – list of role ids
    noShortCircuit (boolean) – don’t short-circuit the check for ROLE_SYSADMIN
  - Returns
    boolean – true if the user passes the role check
- checkRoles(req, rolespec)
  Checks the roles of the current user’s account to determine whether it fulfills a role specification. If the user has ROLE_SYSADMIN, the check automatically succeeds.
  - Arguments
    req – the request object (Express JS)
    rolespec (Array.<string>) – list of role ids
  - Returns
    Promise.<boolean> – resolves to true on pass; rejects on failure
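The two role checks above differ only in how they obtain the user and how they report failure (a boolean versus a rejected promise). The following is an added example, not the project's own code, showing both shapes with the ROLE_SYSADMIN short-circuit and the noShortCircuit opt-out. It assumes a user Business Object exposes its role ids as `user.roles` (an array of strings) and that a rolespec is satisfied when the user holds any one of the listed roles; neither detail is stated on the page. `getCurrentUser` is passed in so the example runs without the injectable.

```javascript
// Added example, not the project's own code: role checking with the
// ROLE_SYSADMIN short-circuit documented above. Assumptions: the user object
// carries its role ids in user.roles, and a rolespec passes when the user
// holds ANY of the listed roles.

const ROLE_SYSADMIN = 'ROLE_SYSADMIN';

// Synchronous check on an already-loaded user; false for a missing user
// (getCurrentUser is documented to yield false when nobody is logged in).
function checkRolesForUser(user, rolespec, noShortCircuit = false) {
  if (!user || !Array.isArray(user.roles)) return false;
  const held = new Set(user.roles);
  // A sysadmin passes every check unless the caller opts out of the shortcut,
  // e.g. for a check that must prove the user really holds a specific role.
  if (!noShortCircuit && held.has(ROLE_SYSADMIN)) return true;
  return rolespec.some((role) => held.has(role));
}

// Promise-based variant: resolves true on pass, rejects on failure, so it can
// sit in front of a handler. getCurrentUser stands in for the documented
// auth.getCurrentUser.
function checkRoles(req, rolespec, getCurrentUser) {
  return Promise.resolve(getCurrentUser(req)).then((user) => {
    if (!user) throw new Error('not authenticated');
    if (!checkRolesForUser(user, rolespec)) throw new Error('forbidden');
    return true;
  });
}

// Express-style guard built on checkRoles (constructed helper, not from the
// page): 401 when there is no user, 403 when the user lacks the role.
function requireRoles(rolespec, getCurrentUser) {
  return (req, res, next) =>
    checkRoles(req, rolespec, getCurrentUser)
      .then(() => next())
      .catch((err) => res.status(err.message === 'not authenticated' ? 401 : 403).end());
}
```

Keeping the short-circuit behind an explicit flag matters for the few checks that must not be satisfied by a sysadmin alone, such as a "you must hold the approver role yourself" rule; the default stays permissive for administrators as the documentation describes.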
- aggregateReadDacs(req, TargetBoModel)
  Pulls together the Read DACs that apply to TargetBoModel and the current user’s roles.
  - Arguments
    req – the request object (Express JS)
    TargetBoModel – the Business Object model
  - Returns
    Promise.<{condition, fieldRestrictions}> – a promise resolving to the aggregated DataAccessControl
- aggregateUpdateDacs(req, TargetBoModel)
  Pulls together the Update DACs that apply to TargetBoModel and the current user’s roles.
  - Arguments
    req – the request object (Express JS)
    TargetBoModel – the Business Object model
  - Returns
    Promise.<{condition, fieldRestrictions}> – a promise resolving to the aggregated DataAccessControl
- aggregateCreateDacs(req, TargetBoModel)
  Pulls together the Create DACs that apply to TargetBoModel and the current user’s roles.
  - Arguments
    req – the request object (Express JS)
    TargetBoModel – the Business Object model
  - Returns
    Promise.<{condition, fieldRestrictions}> – a promise resolving to the aggregated DataAccessControl
- aggregateDeleteDacs(req, TargetBoModel)
  Pulls together the Delete DACs that apply to TargetBoModel and the current user’s roles.
  - Arguments
    req – the request object (Express JS)
    TargetBoModel – the Business Object model
  - Returns
    Promise.<{condition, fieldRestrictions}> – a promise resolving to the aggregated DataAccessControl
- checkCondition(condObj, targetObject)
  Utility to check a query condition against an object; used for conditional DACs.
  - Arguments
    condObj (object) – the query condition to evaluate
    targetObject (object) – the object the condition is checked against
- checkReadDacs(req, TargetBoModel, query)
  Checks the Read DACs for a given user, BusinessObject class, and query. Returns a promise that either: a) resolves to a query that has been modified to restrict access based on the applicable DACs, or b) rejects when the DACs don’t allow read access to the requested TargetBoModel.
  - Arguments
    req – the request object (Express JS)
    TargetBoModel – the Business Object model
    query (object) – the original query
  - Returns
    Promise – resolves to the restricted query, or rejects when read access is denied
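The aggregate*Dacs, checkCondition and checkReadDacs entries above describe one pipeline: collect the DACs that apply to the caller's roles into a single `{condition, fieldRestrictions}`, evaluate conditions against records, and narrow a read query so it can only return permitted rows. The following is an added example of that pipeline, not the project's own code. It assumes a DAC is stored as `{ role, operation, condition, fieldRestrictions }` on `TargetBoModel.dacs`, that conditions use a small Mongo-style syntax, and that `getCurrentUserRoles` is passed in rather than injected; none of those shapes are given on the page, and the merge rules (conditions OR-ed across roles, a field restricted only if every applicable DAC restricts it, no applicable DAC meaning no access) are design choices of the example.

```javascript
// Added example, not the project's own code, of the documented DAC pipeline.
// Assumptions: a DAC is { role, operation, condition, fieldRestrictions };
// conditions use a small Mongo-like syntax; TargetBoModel.dacs holds the
// model's DACs. None of these shapes are given on the page.

const OPERATORS = {
  $eq: (a, b) => a === b,
  $ne: (a, b) => a !== b,
  $gt: (a, b) => a > b,
  $lt: (a, b) => a < b,
  $in: (a, b) => Array.isArray(b) && b.includes(a),
};

// Evaluate a query condition against an object (the documented checkCondition
// role). An empty condition {} matches everything.
function checkCondition(condObj, targetObject) {
  return Object.entries(condObj).every(([key, expected]) => {
    if (key === '$or') return expected.some((c) => checkCondition(c, targetObject));
    if (key === '$and') return expected.every((c) => checkCondition(c, targetObject));
    const actual = targetObject[key];
    if (expected !== null && typeof expected === 'object' && !Array.isArray(expected)) {
      return Object.entries(expected).every(([op, operand]) => {
        // reject unknown operators rather than silently matching
        if (!Object.prototype.hasOwnProperty.call(OPERATORS, op)) {
          throw new Error(`unsupported operator ${op}`);
        }
        return OPERATORS[op](actual, operand);
      });
    }
    return actual === expected;
  });
}

// Combine the DACs for one operation ('read', 'update', 'create', 'delete')
// that match any of the user's roles. Conditions are OR-ed, since a user may
// reach a record through any held role; a field stays restricted only if every
// applicable DAC restricts it. Returns null when no DAC applies, which the
// callers treat as "no access" (deny by default).
function aggregateDacs(dacs, roleIds, operation) {
  const applicable = dacs.filter(
    (d) => d.operation === operation && roleIds.includes(d.role),
  );
  if (applicable.length === 0) return null;
  const conditions = applicable.map((d) => d.condition || {});
  const [first, ...rest] = applicable.map((d) => d.fieldRestrictions || []);
  const fieldRestrictions = first.filter((f) => rest.every((r) => r.includes(f)));
  const condition = conditions.length === 1 ? conditions[0] : { $or: conditions };
  return { condition, fieldRestrictions };
}

// Narrow a read query with the aggregated Read DAC; null when no Read DAC
// applies. The original query is AND-ed with the DAC condition so the caller
// cannot widen its own access by shaping the query.
function restrictReadQuery(query, readDac) {
  if (!readDac) return null;
  const unconditional = Object.keys(readDac.condition).length === 0;
  const restricted = unconditional ? { ...query } : { $and: [query, readDac.condition] };
  return { query: restricted, fieldRestrictions: readDac.fieldRestrictions };
}

// Promise-returning shape matching the documented checkReadDacs: resolves to
// the narrowed query, rejects when the DACs give no read access.
function checkReadDacs(req, TargetBoModel, query, getCurrentUserRoles) {
  return Promise.resolve(getCurrentUserRoles(req)).then((roles) => {
    const readDac = aggregateDacs(TargetBoModel.dacs, roles, 'read');
    const result = restrictReadQuery(query, readDac);
    if (!result) throw new Error(`read access to ${TargetBoModel.name} denied`);
    return result;
  });
}

// Constructed sample DACs for an imaginary Employee model (not from the page).
const SAMPLE_DACS = [
  { role: 'ROLE_AUDITOR', operation: 'read', condition: {}, fieldRestrictions: ['ssn', 'salary'] },
  { role: 'ROLE_MANAGER', operation: 'read', condition: { department: { $in: ['sales', 'support'] } }, fieldRestrictions: ['ssn'] },
  { role: 'ROLE_MANAGER', operation: 'update', condition: { status: 'draft' } },
];
```

Two points worth noticing: the same `checkCondition` that filters reads also decides whether an update DAC such as `{ status: 'draft' }` applies to a specific record, and `restrictReadQuery` never replaces the caller's query, only conjoins it, so a DAC can narrow but never widen what a request returns.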