MCPcopy Index your code
hub / github.com/strongloop/loopback / checkOwnership

Function checkOwnership

common/models/role.js:350–397  ·  view source on GitHub ↗
(inst)

Source from the content-addressed store, hash-verified

348 }
349
350 function checkOwnership(inst) {
351 const ownerRelations = inst.constructor.settings.ownerRelations;
352 // collecting related users
353 const relWithUsers = [];
354 for (const r in modelClass.relations) {
355 const rel = modelClass.relations[r];
356 // relation should be belongsTo and target a User based class
357 if (rel.type !== 'belongsTo' || !isUserClass(rel.modelTo)) {
358 continue;
359 }
360
361 // checking related user
362 const relatedUser = rel.modelTo;
363 const userModelName = relatedUser.modelName;
364 const isMultipleUsers = _isMultipleUsers(relatedUser);
365 // a relation can be considered for isOwner resolution if:
366 // 1. the app has a single user model and principalType is 'USER'
367 // 2. the app has multiple user models and principalType is the related user model name
368 // In addition, if an array of relations if provided with the ownerRelations option,
369 // then the given relation name is further checked against this array
370 if ((!isMultipleUsers && principalType === Principal.USER) ||
371 (isMultipleUsers && principalType === userModelName)) {
372 debug('Checking relation %s to %s: %j', r, userModelName, rel);
373 if (ownerRelations === true) {
374 relWithUsers.push(r);
375 } else if (Array.isArray(ownerRelations) && ownerRelations.indexOf(r) !== -1) {
376 relWithUsers.push(r);
377 }
378 }
379 }
380 if (relWithUsers.length === 0) {
381 debug('No matching belongsTo relation found for model %j and user: %j principalType: %j',
382 modelId, userId, principalType);
383 return callback(null, false);
384 }
385
386 // check related users: someSeries is used to avoid spamming the db
387 async.someSeries(relWithUsers, processRelation, callback);
388
389 function processRelation(r, cb) {
390 inst[r](function processRelatedUser(err, user) {
391 if (err || !user) return cb(err, false);
392
393 debug('User found: %j (through %j)', user.id, r);
394 cb(null, matches(user.id, userId));
395 });
396 }
397 }
398
399 // A helper function to check if the app user config is multiple users or
400 // single user. It can be used with or without a reference user model.

Callers 1

role.jsFile · 0.85

Calls 2

isUserClassFunction · 0.85
_isMultipleUsersFunction · 0.85

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…