Authorization and Authentication

Injectable as: auth

Provides functionality around user authentication, role checking, and data access permissions.

getCurrentUser(req)

Gets the User BusinessObject for the user currently logged in

Arguments
  • req – the request object (Express JS)

Returns

Promise.<User> – resolving to user account associated with the request, or false if none

updateUserPassword(req, newPassword)

Update password for a user; checks configured password complexity requirements if applicable.

Arguments
  • req – the request object (Express JS)

  • newPassword (string) – the new password to set for the user

Returns

Promise.<{"success"}>

getCurrentUserRoles(req)

Get roles for current user.

Arguments
  • req – the request object (Express JS)

Returns

Promise.<Array.<string>> – array of Role ids

checkRolesForUser(user, rolespec, noShortCircuit)

Check roles of a user account to determine if it fulfills a role specification. If the user has ROLE_SYSADMIN, the check automatically succeeds unless noShortCircuit is enabled.

Arguments
  • user (BusinessObject.<User>) – user Business Object

  • rolespec (Array.<string>) – list of role ids

  • noShortCircuit (boolean) – don’t short-circuit the check for ROLE_SYSADMIN

Returns

boolean – true if user passes role check

checkRoles(req, rolespec)

Check roles of a user account to determine if it fulfills a role specification. If the user has ROLE_SYSADMIN, the check automatically succeeds.

Arguments
  • req – the request object (Express JS)

  • rolespec (Array.<string>) – list of role ids

Returns

Promise.<boolean> – resolves to true on pass; rejects on failure
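An added example (not the module's own code) that models the contract documented for checkRolesForUser and checkRoles, including the ROLE_SYSADMIN short-circuit and the noShortCircuit opt-out, and wraps it as Express middleware. It assumes, since the page does not say, that a user Business Object exposes its role ids as `user.roles`, that a rolespec passes when the user holds at least one listed role, and that earlier middleware attached the current user as `req.user`.

```javascript
// Added illustration of the documented role-check contract; not the auth module's code.
// Assumptions (not stated on the page): `user.roles` is an array of role ids, a rolespec
// passes when the user holds at least one of the listed role ids, and an empty or missing
// rolespec fails closed rather than granting access.
const SYSADMIN = 'ROLE_SYSADMIN';

function checkRolesForUser(user, rolespec, noShortCircuit = false) {
  // No account or malformed input: deny rather than guess.
  if (!user || !Array.isArray(user.roles)) return false;
  if (!Array.isArray(rolespec) || rolespec.length === 0) return false;
  const held = new Set(user.roles);
  // Sysadmin short-circuit: passes any spec unless the caller opted out of it,
  // e.g. for operations that must be explicitly granted even to administrators.
  if (!noShortCircuit && held.has(SYSADMIN)) return true;
  return rolespec.some((role) => held.has(role));
}

// Promise form mirroring checkRoles(req, rolespec): resolves to true on pass,
// rejects on failure. Assumes req.user was set by earlier authentication middleware.
function checkRoles(req, rolespec) {
  return checkRolesForUser(req.user, rolespec)
    ? Promise.resolve(true)
    : Promise.reject(new Error('role check failed'));
}

// Express-style middleware factory (hypothetical helper): a route declares the roles it
// needs and a request that fails the check gets a 403 instead of reaching the handler.
function requireRoles(rolespec, opts = {}) {
  return (req, res, next) => {
    if (checkRolesForUser(req.user, rolespec, opts.noShortCircuit)) return next();
    res.status(403).json({ error: 'forbidden' });
  };
}
```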

aggregateReadDacs(req, TargetBoModel)

Pulls together Read DACs that apply to TargetBoModel and the current user’s roles.

Arguments
  • req – the request object (Express JS)

  • TargetBoModel – the Business Object model

Returns

Promise.<{condition, fieldRestrictions}> – A promise resolving to aggregated DataAccessControl

aggregateUpdateDacs(req, TargetBoModel)

Pulls together Update DACs that apply to TargetBoModel and the current user’s roles.

Arguments
  • req – the request object (Express JS)

  • TargetBoModel – the Business Object model

Returns

Promise.<{condition, fieldRestrictions}> – A promise resolving to aggregated DataAccessControl

aggregateCreateDacs(req, TargetBoModel)

Pulls together Create DACs that apply to TargetBoModel and the current user’s roles.

Arguments
  • req – the request object (Express JS)

  • TargetBoModel – the Business Object model

Returns

Promise.<{condition, fieldRestrictions}> – A promise resolving to aggregated DataAccessControl

aggregateDeleteDacs(req, TargetBoModel)

Pulls together Delete DACs that apply to TargetBoModel and the current user’s roles.

Arguments
  • req – the request object (Express JS)

  • TargetBoModel – the Business Object model

Returns

Promise.<{condition, fieldRestrictions}> – A promise resolving to aggregated DataAccessControl

checkCondition(condObj, targetObject)

Utility to check a query condition against an object; used for conditional DACs

Arguments
  • condObj (object) – the query condition to evaluate

  • targetObject (object) – the object the condition is checked against

checkReadDacs(req, TargetBoModel, query)

Check Read DACs for a given user, BusinessObject class, and query. Returns a promise that either: a) Resolves to a query that has been modified to restrict access based on applicable DACs, or b) Rejects when DACs don’t allow read access to the requested TargetBoModel

Arguments
  • req – the request object (Express JS)

  • TargetBoModel – the Business Object model

  • query (object) – the original query

Returns

Promise