(inst)
| 348 | } |
| 349 | |
| 350 | function checkOwnership(inst) { |
| 351 | const ownerRelations = inst.constructor.settings.ownerRelations; |
| 352 | // collecting related users |
| 353 | const relWithUsers = []; |
| 354 | for (const r in modelClass.relations) { |
| 355 | const rel = modelClass.relations[r]; |
| 356 | // relation should be belongsTo and target a User based class |
| 357 | if (rel.type !== 'belongsTo' || !isUserClass(rel.modelTo)) { |
| 358 | continue; |
| 359 | } |
| 360 | |
| 361 | // checking related user |
| 362 | const relatedUser = rel.modelTo; |
| 363 | const userModelName = relatedUser.modelName; |
| 364 | const isMultipleUsers = _isMultipleUsers(relatedUser); |
| 365 | // a relation can be considered for isOwner resolution if: |
| 366 | // 1. the app has a single user model and principalType is 'USER' |
| 367 | // 2. the app has multiple user models and principalType is the related user model name |
| 368 | // In addition, if an array of relations if provided with the ownerRelations option, |
| 369 | // then the given relation name is further checked against this array |
| 370 | if ((!isMultipleUsers && principalType === Principal.USER) || |
| 371 | (isMultipleUsers && principalType === userModelName)) { |
| 372 | debug('Checking relation %s to %s: %j', r, userModelName, rel); |
| 373 | if (ownerRelations === true) { |
| 374 | relWithUsers.push(r); |
| 375 | } else if (Array.isArray(ownerRelations) && ownerRelations.indexOf(r) !== -1) { |
| 376 | relWithUsers.push(r); |
| 377 | } |
| 378 | } |
| 379 | } |
| 380 | if (relWithUsers.length === 0) { |
| 381 | debug('No matching belongsTo relation found for model %j and user: %j principalType: %j', |
| 382 | modelId, userId, principalType); |
| 383 | return callback(null, false); |
| 384 | } |
| 385 | |
| 386 | // check related users: someSeries is used to avoid spamming the db |
| 387 | async.someSeries(relWithUsers, processRelation, callback); |
| 388 | |
| 389 | function processRelation(r, cb) { |
| 390 | inst[r](function processRelatedUser(err, user) { |
| 391 | if (err || !user) return cb(err, false); |
| 392 | |
| 393 | debug('User found: %j (through %j)', user.id, r); |
| 394 | cb(null, matches(user.id, userId)); |
| 395 | }); |
| 396 | } |
| 397 | } |
| 398 | |
| 399 | // A helper function to check if the app user config is multiple users or |
| 400 | // single user. It can be used with or without a reference user model. |
no test coverage detected
searching dependent graphs…